
CVE-2022-23817

Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation.

Linked by AI from unstructured data to existing NVD CPEs
Data provided by the CVE Program from Authorized Data Publishers (ADP) (unstructured)
| Vendor | Product | Default Status | Version < | Version | Status |
|---|---|---|---|---|---|
| amd | ryzen_3_3300x_firmware | affected | comboam4v2_1.2.0.a | 0 | unaffected |
| amd | ryzen_3_3300u_firmware | affected | picassopi-fp5_1.0.0.e | 0 | unaffected |
| amd | ryzen_3_pro_3200g_firmware | affected | comboam4v2_pi_1.2.0.8 | 0 | unaffected |
| amd | ryzen_5_7500f_firmware | affected | comboam5_1.0.8.0 | 0 | unaffected |
| amd | ryzen_threadripper_pro_3995wx_firmware | affected | castlepeakpi-sp3r3_1.0.0.8 | 0 | unaffected |
| amd | ryzen_threadripper_pro_3995wx_firmware | affected | castlepeakwspi-swrx8_1.0.0.a | 0 | unaffected |
| amd | ryzen_threadripper_pro_5995wx_firmware | affected | chagallwspi-swrx8_1.0.0.5 | 0 | unaffected |
| amd | ryzen_3_4300u_firmware | affected | renoirpi-fp6_1.0.0.a | 0 | unaffected |
| amd | ryzen_5_6600u_firmware | affected | rembrandtpi-fp7_1.0.0.5 | 0 | unaffected |
| amd | ryzen_3_7335u_firmware | affected | rembrandtpi-fp7_1.0.0.5 | 0 | unaffected |
| amd | ryzen_7_7745hx_firmware | affected | dragonrangefl1pi_1.0.0.3b | 0 | unaffected |
| amd | ryzen_5_5600x_firmware | affected | comboam4v2_pi_1.2.0.8 | 0 | unaffected |
| amd | ryzen_3_5300g_firmware | affected | cezannepi-fp6_1.0.0.c | 0 | unaffected |
| amd | ryzen_3_5425c_firmware | affected | cezannepi-fp6_1.0.0.c | 0 | unaffected |
| amd | athlon_pro_300ge_firmware | affected | picassopi-fp5_1.0.0.e | 0 | unaffected |
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.173 |
CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| psirt@amd.com | 7 | 1 | 5.9 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.