Vulnerability Details : CVE-2022-23820
Failure to validate the AMD SMM communication buffer
may allow an attacker to corrupt the SMRAM potentially leading to arbitrary
code execution.
Products affected by CVE-2022-23820
- cpe:2.3:o:amd:ryzen_threadripper_pro_3995wx_firmware:castlepeakpi-sp3r2_1.1.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_pro_3975wx_firmware:castlepeakpi-sp3r2_1.1.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_pro_3955wx_firmware:castlepeakpi-sp3r2_1.1.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_pro_3945wx_firmware:castlepeakpi-sp3r2_1.1.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_3990x_firmware:castlepeakpi-sp3r2_1.1.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_3970x_firmware:castlepeakpi-sp3r2_1.1.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_3960x_firmware:castlepeakpi-sp3r2_1.1.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_2990wx_firmware:summitpi-sp3r2_1.1.0.6:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_2970wx_firmware:summitpi-sp3r2_1.1.0.6:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_2950x_firmware:summitpi-sp3r2_1.1.0.6:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_threadripper_2920x_firmware:summitpi-sp3r2_1.1.0.6:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_3950x_firmware:comboam4_pi_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_3950x_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_3900x_firmware:comboam4_pi_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_3900x_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3800x_firmware:comboam4_pi_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3800x_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3700x_firmware:comboam4_pi_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3700x_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3600x_firmware:comboam4_pi_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3600x_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3600_firmware:comboam4_pi_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3600_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_3300x_firmware:comboam4_pi_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_3300x_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_3100_firmware:comboam4_pi_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_3100_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_5980hx_firmware:cezannepi-fp6_1.0.0.b:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_5980hs_firmware:cezannepi-fp6_1.0.0.b:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5825u_firmware:cezannepi-fp6_1.0.0.b:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_5900hx_firmware:cezannepi-fp6_1.0.0.b:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_5900hs_firmware:cezannepi-fp6_1.0.0.b:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5625u_firmware:cezannepi-fp6_1.0.0.b:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5800h_firmware:cezannepi-fp6_1.0.0.b:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5800hs_firmware:cezannepi-fp6_1.0.0.b:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5600h_firmware:cezannepi-fp6_1.0.0.b:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5600hs_firmware:cezannepi-fp6_1.0.0.b:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5800u_firmware:cezannepi-fp6_1.0.0.b:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5600u_firmware:cezannepi-fp6_1.0.0.b:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_5425u_firmware:cezannepi-fp6_1.0.0.b:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_5400u_firmware:cezannepi-fp6_1.0.0.b:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_4900hs_firmware:renoirpi-fp6_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_4800h_firmware:renoirpi-fp6_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_4600h_firmware:renoirpi-fp6_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5560u_firmware:cezannepi-fp6_1.0.0.b:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_5125c_firmware:cezannepi-fp6_1.0.0.b:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_5950x_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_5900x_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5800x_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5600x_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3750h_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3700u_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3550h_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3500u_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_3300u_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5700x_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5600_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5500_firmware:comboam4v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3600xt_firmware:comboam4_pi_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3600xt_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3800xt_firmware:comboam4_pi_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3800xt_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_4900h_firmware:renoirpi-fp6_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_4800u_firmware:renoirpi-fp6_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_4700u_firmware:renoirpi-fp6_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_4600u_firmware:renoirpi-fp6_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_4500u_firmware:renoirpi-fp6_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_4300u_firmware:renoirpi-fp6_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_3350u_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3580u_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3780u_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3450u_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3500c_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_3700c_firmware:picassopi-fp5_1.0.0.e:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_pro_3350ge_firmware:comboam4_pi_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_pro_3350ge_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_pro_3350g_firmware:comboam4_pi_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_pro_3350g_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_pro_3400ge_firmware:comboam4_pi_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_pro_3400ge_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_pro_3400g_firmware:comboam4_pi_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_pro_3400g_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3500_firmware:comboam4_pi_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3500_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3500x_firmware:comboam4_pi_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_3500x_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_3900_firmware:comboam4_pi_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_3900_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_3900xt_firmware:comboam4_pi_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_3900xt_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5800_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_5900_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_6980hx_firmware:rembrandtpi-fp7_1.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_6980hs_firmware:rembrandtpi-fp7_1.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_6900hx_firmware:rembrandtpi-fp7_1.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_6900hs_firmware:rembrandtpi-fp7_1.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_6800h_firmware:rembrandtpi-fp7_1.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_6800hs_firmware:rembrandtpi-fp7_1.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_6800u_firmware:rembrandtpi-fp7_1.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_6600h_firmware:rembrandtpi-fp7_1.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_6600hs_firmware:rembrandtpi-fp7_1.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_6600u_firmware:rembrandtpi-fp7_1.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_9_pro_5945_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_pro_5845_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_pro_5645_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_5700_firmware:comboam4v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_5100_firmware:comboam4v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:athlon_3015e_firmware:pollockpi-ft5_1.0.0.5:*:*:*:*:*:*:*
- cpe:2.3:o:amd:athlon_3015ce_firmware:pollockpi-ft5_1.0.0.5:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_4800hs_firmware:renoirpi-fp6_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_4980u_firmware:renoirpi-fp6_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_4600hs_firmware:renoirpi-fp6_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_4680u_firmware:renoirpi-fp6_1.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_7735hs_firmware:rembrandtpi-fp7_1.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_7736u_firmware:rembrandtpi-fp7_1.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_7_7735u_firmware:rembrandtpi-fp7_1.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_7535hs_firmware:rembrandtpi-fp7_1.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_7535u_firmware:rembrandtpi-fp7_1.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_3_7335u_firmware:rembrandtpi-fp7_1.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5500h_firmware:cezannepi-fp6_1.0.0.b:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_56003xd_firmware:comboam4_v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_5500x_firmware:comboam4v2_pi_1.2.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:amd:ryzen_5_55003xd_firmware:comboam4v2_pi_1.2.0.8:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-23820
0.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 60 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-23820
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
0.8
|
6.0
|
Advanced Micro Devices Inc. | 2024-06-18 |
CWE ids for CVE-2022-23820
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-23820
-
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002
AMD Server Vulnerabilities – Nov 2023Vendor Advisory
-
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002
AMD Client Vulnerabilities – November 2023Vendor Advisory
-
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001
AMD Embedded Processors Vulnerabilities – February 2024
Jump to