Vulnerability in Amd 3rd Gen Epyc™ Processors
CVE-2022-23820
Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.
EPSS: 0.002 (35.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Amd 3rd Gen Epyc™ Processors — versions various
- Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics “Picasso” Am4 — versions various
- Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “Pollock” — versions various
- Amd Epyc™ Embedded 7003 — versions various
- Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics “Picasso” Fp5 — versions various
- Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics “Renoir” Fp6 — versions various
- Amd Ryzen™ 5000 Series Desktop Processors “Vermeer” — versions various
- Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics “Cezanne” — versions various
- Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “Cezanne” — versions various
- Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “Lucienne” — versions various
References
- www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 (vendor-advisory)
- www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 (vendor-advisory)
- www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 (vendor-advisory)
Frequently asked questions
- What is CVE-2022-23820?
- CVE-2022-23820 is a high-severity vulnerability in Amd 3rd Gen Epyc™ Processors. CVSS score: 7.5/10. Published 2023-11-14.
- How severe is CVE-2022-23820?
- High severity. CVSS v3 base score is 7.5 out of 10.