A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00005.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

No data.

No data.

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://nvd.nist.gov/vuln/detail/CVE-2022-23829 cve-icon
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1041 cve-icon
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html cve-icon cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-23829 cve-icon
History

Thu, 29 Aug 2024 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2024-08-29T20:40:26.171Z

Reserved: 2022-01-21T17:20:55.781Z

Link: CVE-2022-23829

cve-icon Vulnrichment

Updated: 2024-08-03T03:51:46.075Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-06-18T19:15:56.957

Modified: 2024-11-21T06:49:20.150

Link: CVE-2022-23829

cve-icon Redhat

Severity : Important

Publid Date: 2024-06-11T06:30:00Z

Links: CVE-2022-23829 - Bugzilla

cve-icon OpenCVE Enrichment

No data.