Vulnerability Description
SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
CVSS Score
1.9
LOW
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amd | Epyc 9654P Firmware | < genoapi_1.0.0.1 |
| Amd | Epyc 9654P | - |
| Amd | Epyc 9654 Firmware | < genoapi_1.0.0.1 |
| Amd | Epyc 9654 | - |
| Amd | Epyc 9634 Firmware | < genoapi_1.0.0.1 |
| Amd | Epyc 9634 | - |
| Amd | Epyc 9554P Firmware | < genoapi_1.0.0.1 |
| Amd | Epyc 9554P | - |
| Amd | Epyc 9554 Firmware | < genoapi_1.0.0.1 |
| Amd | Epyc 9554 | - |
| Amd | Epyc 9534 Firmware | < genoapi_1.0.0.1 |
| Amd | Epyc 9534 | - |
| Amd | Epyc 9474F Firmware | < genoapi_1.0.0.1 |
| Amd | Epyc 9474F | - |
| Amd | Epyc 9454P Firmware | < genoapi_1.0.0.1 |
| Amd | Epyc 9454P | - |
| Amd | Epyc 9454 Firmware | < genoapi_1.0.0.1 |
| Amd | Epyc 9454 | - |
| Amd | Epyc 9374F Firmware | < genoapi_1.0.0.1 |
| Amd | Epyc 9374F | - |
References
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002Vendor Advisory
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002Vendor Advisory
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001
FAQ
What is CVE-2022-23830?
CVE-2022-23830 is a vulnerability with a CVSS score of 1.9 (LOW). SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
How severe is CVE-2022-23830?
CVE-2022-23830 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23830?
Check the references section above for vendor advisories and patch information. Affected products include: Amd Epyc 9654P Firmware, Amd Epyc 9654P, Amd Epyc 9654 Firmware, Amd Epyc 9654, Amd Epyc 9634 Firmware.