8.2

CVE-2022-23815

Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AmdAthlon Silver 3050u Firmware Version < picassopi-fp5_1.0.0.e
   AmdAthlon Silver 3050u Version-
AmdAthlon Gold 3150u Firmware Version < picassopi-fp5_1.0.0.e
   AmdAthlon Gold 3150u Version-
AmdRyzen 7 3780u Firmware Version < picassopi-fp5_1.0.0.e
   AmdRyzen 7 3780u Version-
AmdRyzen 7 3750h Firmware Version < picassopi-fp5_1.0.0.e
   AmdRyzen 7 3750h Version-
AmdRyzen 7 Pro 3700u Firmware Version < picassopi-fp5_1.0.0.e
   AmdRyzen 7 Pro 3700u Version-
AmdRyzen 7 3700u Firmware Version < picassopi-fp5_1.0.0.e
   AmdRyzen 7 3700u Version-
AmdRyzen 5 3580u Firmware Version < picassopi-fp5_1.0.0.e
   AmdRyzen 5 3580u Version-
AmdRyzen 5 3550h Firmware Version < picassopi-fp5_1.0.0.e
   AmdRyzen 5 3550h Version-
AmdRyzen 5 3500u Firmware Version < picassopi-fp5_1.0.0.e
   AmdRyzen 5 3500u Version-
AmdRyzen 3 3300u Firmware Version < picassopi-fp5_1.0.0.e
   AmdRyzen 3 3300u Version-
AmdRyzen 3 3250u Firmware Version < picassopi-fp5_1.0.0.e
   AmdRyzen 3 3250u Version-
AmdRyzen 3 3200u Firmware Version < picassopi-fp5_1.0.0.e
   AmdRyzen 3 3200u Version-
AmdAthlon Gold 3150g Firmware Version-
   AmdAthlon Gold 3150g Version-
AmdAthlon Pro 300ge Firmware Version-
   AmdAthlon Pro 300ge Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.06% 0.194
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.2 1.5 6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
psirt@amd.com 7.5 0.8 6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.