github - ghsa-wrmf-3x8w-vcx2

ghsa-wrmf-3x8w-vcx2

Vulnerability from github

Published

2023-11-14 21:30

Modified

2024-02-13 21:30

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-23821"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-14T19:15:10Z",
    "severity": "CRITICAL"
  },
  "details": "Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n",
  "id": "GHSA-wrmf-3x8w-vcx2",
  "modified": "2024-02-13T21:30:24Z",
  "published": "2023-11-14T21:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23821"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2022-23821 (GCVE-0-2022-23821)

Vulnerability from cvelistv5

Published

2023-11-14 18:54

Modified

2024-12-03 14:26

Severity ?

Summary

Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.

References

URL

Tags

	https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002	vendor-advisory
	https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001	vendor-advisory

Impacted products

Vendor

Product

Version

AMD

Ryzen™ 3000 Series Desktop Processors “Matisse”

Version: various

AMD	Ryzen™ 5000 Series Desktop Processors “Vermeer”	Version: various
AMD	Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”	Version: various
AMD	Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4	Version: various
AMD	Ryzen™ Threadripper™ 2000 Series Processors “Colfax”	Version: various
AMD	Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT	Version: various
AMD	Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3	Version: various
AMD	Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS	Version: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5	Version: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”	Version: various
AMD	Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5	Version: various
AMD	Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6	Version: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”	Version: various
AMD	Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4	Version: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”	Version: various
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"	Version: various
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”	Version: various
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”	Version: various
AMD	AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”	Version: various
AMD	AMD Ryzen™ Embedded R1000	Version: various
AMD	AMD Ryzen™ Embedded R2000	Version: various
AMD	AMD Ryzen™ Embedded 5000	Version: various
AMD	AMD Ryzen™ Embedded V1000	Version: various
AMD	AMD Ryzen™ Embedded V2000	Version: various
AMD	AMD Ryzen™ Embedded V3000	Version: various

Show details on NVD website