CVE-2022-23829

HIGH

AMD Ryzen Processors - Improper Access Control in SPI Protection Features

Title source: llm

Description

A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.

References (1)

Core 1

Core References

Vendor Advisory

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html

Scores

CVSS v3 8.2

EPSS 0.0001

EPSS Percentile 0.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-284

Status published

Products (24)

AMD/1st Gen AMD EPYC™ Processors various

AMD/2nd Gen AMD EPYC™ Processors various

AMD/3rd Gen AMD EPYC™ Processors various

AMD/AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics various

AMD/AMD EPYC (TM) Embedded 7002 various

AMD/AMD EPYC™ Embedded 3000 various

AMD/AMD EPYC™ Embedded 7003 various

AMD/AMD RyzenTM Embedded 5000 various

AMD/AMD RyzenTM Embedded R1000 various

AMD/AMD RyzenTM Embedded R2000 various

... and 14 more

Published Jun 18, 2024

Tracked Since Feb 18, 2026