CVE-2022-23820 — HIGH (7.5)

Vulnerability Description

Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Amd	Ryzen 9 3900 Firmware	comboam4_pi_1.0.0.9
Amd	Ryzen 9 3900	-
Amd	Ryzen 9 3900X Firmware	comboam4_pi_1.0.0.9
Amd	Ryzen 9 3900X	-
Amd	Ryzen 9 3900Xt Firmware	comboam4_pi_1.0.0.9
Amd	Ryzen 9 3900Xt	-
Amd	Ryzen 9 3950X Firmware	comboam4_pi_1.0.0.9
Amd	Ryzen 9 3950X	-
Amd	Ryzen 7 3700X Firmware	comboam4_pi_1.0.0.9
Amd	Ryzen 7 3700X	-
Amd	Ryzen 7 3800X Firmware	comboam4_pi_1.0.0.9
Amd	Ryzen 7 3800X	-
Amd	Ryzen 7 3800Xt Firmware	comboam4_pi_1.0.0.9
Amd	Ryzen 7 3800Xt	-
Amd	Ryzen 5 3500 Firmware	comboam4_pi_1.0.0.9
Amd	Ryzen 5 3500	-
Amd	Ryzen 5 3500X Firmware	comboam4_pi_1.0.0.9
Amd	Ryzen 5 3500X	-
Amd	Ryzen 5 3600 Firmware	comboam4_pi_1.0.0.9
Amd	Ryzen 5 3600	-

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2022-23820?

CVE-2022-23820 is a vulnerability with a CVSS score of 7.5 (HIGH). Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.

How severe is CVE-2022-23820?

CVE-2022-23820 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-23820?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Ryzen 9 3900 Firmware, Amd Ryzen 9 3900, Amd Ryzen 9 3900X Firmware, Amd Ryzen 9 3900X, Amd Ryzen 9 3900Xt Firmware.