7
CVE-2022-23817
- EPSS 0.06%
- Veröffentlicht 13.08.2024 17:15:18
- Zuletzt bearbeitet 16.08.2024 21:35:00
- Quelle psirt@amd.com
- Teams Watchlist Login
- Unerledigt Login
Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstelleramd
≫
Produkt
ryzen_3_3300x_firmware
Default Statusaffected
Version <
comboam4v2_1.2.0.a
Version
0
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_3_3300u_firmware
Default Statusaffected
Version <
picassopi-fp5_1.0.0.e
Version
0
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_3_pro_3200g_firmware
Default Statusaffected
Version <
comboam4v2_pi_1.2.0.8
Version
0
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_5_7500f_firmware
Default Statusaffected
Version <
comboam5_1.0.8.0
Version
0
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_threadripper_pro_3995wx_firmware
Default Statusaffected
Version <
castlepeakpi-sp3r3_1.0.0.8
Version
0
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_threadripper_pro_3995wx_firmware
Default Statusaffected
Version <
castlepeakwspi-swrx8_1.0.0.a
Version
0
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_threadripper_pro_5995wx_firmware
Default Statusaffected
Version <
chagallwspi-swrx8_1.0.0.5
Version
0
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_3_4300u_firmware
Default Statusaffected
Version <
renoirpi-fp6_1.0.0.a
Version
0
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_5_6600u_firmware
Default Statusaffected
Version <
rembrandtpi-fp7_1.0.0.5
Version
0
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_3_7335u_firmware
Default Statusaffected
Version <
rembrandtpi-fp7_1.0.0.5
Version
0
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_7_7745hx_firmware
Default Statusaffected
Version <
dragonrangefl1pi_1.0.0.3b
Version
0
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_5_5600x_firmware
Default Statusaffected
Version <
comboam4v2_pi_1.2.0.8
Version
0
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_3_5300g_firmware
Default Statusaffected
Version <
cezannepi-fp6_1.0.0.c
Version
0
Status
unaffected
Herstelleramd
≫
Produkt
ryzen_3_5425c_firmware
Default Statusaffected
Version <
cezannepi-fp6_1.0.0.c
Version
0
Status
unaffected
Herstelleramd
≫
Produkt
athlon_pro_300ge_firmware
Default Statusaffected
Version <
picassopi-fp5_1.0.0.e
Version
0
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.173 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@amd.com | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.