7.3
CVE-2022-23817
- EPSS 0.1%
- Veröffentlicht 13.08.2024 17:15:18
- Zuletzt bearbeitet 15.05.2026 05:16:30
- Quelle psirt@amd.com
- CVE-Watchlists
- Unerledigt
Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address space, potentially resulting in privilege escalation.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstelleramd
≫
Produkt
ryzen_3_3300x_firmware
Default Statusaffected
Version
0
Version <
comboam4v2_1.2.0.a
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_3_3300u_firmware
Default Statusaffected
Version
0
Version <
picassopi-fp5_1.0.0.e
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_3_pro_3200g_firmware
Default Statusaffected
Version
0
Version <
comboam4v2_pi_1.2.0.8
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_5_7500f_firmware
Default Statusaffected
Version
0
Version <
comboam5_1.0.8.0
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_threadripper_pro_3995wx_firmware
Default Statusaffected
Version
0
Version <
castlepeakpi-sp3r3_1.0.0.8
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_threadripper_pro_3995wx_firmware
Default Statusaffected
Version
0
Version <
castlepeakwspi-swrx8_1.0.0.a
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_threadripper_pro_5995wx_firmware
Default Statusaffected
Version
0
Version <
chagallwspi-swrx8_1.0.0.5
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_3_4300u_firmware
Default Statusaffected
Version
0
Version <
renoirpi-fp6_1.0.0.a
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_5_6600u_firmware
Default Statusaffected
Version
0
Version <
rembrandtpi-fp7_1.0.0.5
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_3_7335u_firmware
Default Statusaffected
Version
0
Version <
rembrandtpi-fp7_1.0.0.5
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_7_7745hx_firmware
Default Statusaffected
Version
0
Version <
dragonrangefl1pi_1.0.0.3b
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_5_5600x_firmware
Default Statusaffected
Version
0
Version <
comboam4v2_pi_1.2.0.8
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_3_5300g_firmware
Default Statusaffected
Version
0
Version <
cezannepi-fp6_1.0.0.c
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_3_5425c_firmware
Default Statusaffected
Version
0
Version <
cezannepi-fp6_1.0.0.c
Status
unaffected
Herstelleramd
≫
Produkt
athlon_pro_300ge_firmware
Default Statusaffected
Version
0
Version <
picassopi-fp5_1.0.0.e
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.275 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@amd.com | 7.3 | 0 | 0 |
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.