CVE-2022-23820
HIGHAMD SMM - RCE
Title source: llmDescription
Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.
Scores
CVSS v3
7.5
EPSS
0.0018
EPSS Percentile
39.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Classification
CWE
CWE-20
Status
published
Affected Products (50)
amd/ryzen_9_3900_firmware
amd/ryzen_9_3900_firmware
amd/ryzen_9_3900x_firmware
amd/ryzen_9_3900x_firmware
amd/ryzen_9_3900xt_firmware
amd/ryzen_9_3900xt_firmware
amd/ryzen_9_3950x_firmware
amd/ryzen_9_3950x_firmware
amd/ryzen_7_3700x_firmware
amd/ryzen_7_3700x_firmware
amd/ryzen_7_3800x_firmware
amd/ryzen_7_3800x_firmware
amd/ryzen_7_3800xt_firmware
amd/ryzen_7_3800xt_firmware
amd/ryzen_5_3500_firmware
... and 35 more
Timeline
Published
Nov 14, 2023
Tracked Since
Feb 18, 2026