{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-23829", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2022-01-21T17:20:55.781Z", "datePublished": "2024-06-18T19:01:24.315Z", "dateUpdated": "2024-08-29T20:40:26.171Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors 5900 WX-Series", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Mobile Processors and Workstations", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Mobile Processor / 2nd Gen AMD Ryzen\u2122 Mobile Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processor", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "1st Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "2nd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "3rd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 3000", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD EPYC (TM) Embedded 7002", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 7003", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD RyzenTM Embedded R1000", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD RyzenTM Embedded R2000", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD RyzenTM Embedded 5000", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD RyzenTM Embedded V1000", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD RyzenTM Embedded V2000", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD RyzenTM Embedded V3000", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}], "datePublic": "2024-06-11T18:54:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.</span>\n\n"}], "value": "A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2024-06-18T19:01:57.007Z"}, "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:51:46.075Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "affected": [{"vendor": "amd", "product": "ryzen_threadripper_pro_5995wx", "cpes": ["cpe:2.3:h:amd:ryzen_threadripper_pro_5945wx:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_threadripper_pro_5955wx:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_threadripper_pro_5965wx:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_threadripper_pro_5975wx:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_threadripper_pro_5995wx:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}, {"vendor": "amd", "product": "ryzen_6980hx", "cpes": ["cpe:2.3:h:amd:ryzen_6600h:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6600hs:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6600u:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6800h:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6800hs:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6800u:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6900hs:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6900hx:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6980hs:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6980hx:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-05T17:32:15.481387Z", "id": "CVE-2022-23829", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T20:40:26.171Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:51:46.075Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-23829", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-05T17:32:15.481387Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:amd:ryzen_threadripper_pro_5945wx:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_threadripper_pro_5955wx:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_threadripper_pro_5965wx:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_threadripper_pro_5975wx:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_threadripper_pro_5995wx:-:*:*:*:*:*:*:*"], "vendor": "amd", "product": "ryzen_threadripper_pro_5995wx", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:amd:ryzen_6600h:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6600hs:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6600u:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6800h:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6800hs:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6800u:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6900hs:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6900hx:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6980hs:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:ryzen_6980hx:-:*:*:*:*:*:*:*"], "vendor": "amd", "product": "ryzen_6980hx", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T19:55:22.584Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AMD", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors 5900 WX-Series", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 6000 Series Mobile Processors and Workstations", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 3000 Series Mobile Processor / 2nd Gen AMD Ryzen\u2122 Mobile Processor with Radeon\u2122 Graphics", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processor", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "1st Gen AMD EPYC\u2122 Processors", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "2nd Gen AMD EPYC\u2122 Processors", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "3rd Gen AMD EPYC\u2122 Processors", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 3000", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD EPYC (TM) Embedded 7002", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 7003", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD RyzenTM Embedded R1000", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD RyzenTM Embedded R2000", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD RyzenTM Embedded 5000", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD RyzenTM Embedded V1000", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD RyzenTM Embedded V2000", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD RyzenTM Embedded V3000", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "affected"}], "datePublic": "2024-06-11T18:54:00.000Z", "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.</span>\n\n", "base64": false}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2024-06-18T19:01:57.007Z"}}}, "cveMetadata": {"cveId": "CVE-2022-23829", "state": "PUBLISHED", "dateUpdated": "2024-08-29T20:40:26.171Z", "dateReserved": "2022-01-21T17:20:55.781Z", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "datePublished": "2024-06-18T19:01:24.315Z", "assignerShortName": "AMD"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections."}, {"lang": "es", "value": "Una posible debilidad en las funciones de protecci\u00f3n AMD SPI puede permitir que un atacante malicioso con acceso Ring0 (modo kernel) evite las protecciones ROM nativas del modo de administraci\u00f3n del sistema (SMM)."}], "id": "CVE-2022-23829", "lastModified": "2024-08-29T21:35:00.820", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "psirt@amd.com", "type": "Secondary"}]}, "published": "2024-06-18T19:15:56.957", "references": [{"source": "psirt@amd.com", "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Hugo Magalhaes (Oracle) and Volodymyr Pikhur (Oracle) for reporting this issue.", "bugzilla": {"description": "hw: amd: SPI protection feature may result in a potential arbitrary code execution.", "id": "2177122", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177122"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "status": "draft"}, "details": ["A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.", "A flaw was found in AMD SPI. The protection features may allow a malicious attacker with Ring0 kernel mode access to bypass the native System Management Mode (SMM) ROM protections."], "mitigation": {"lang": "en:us", "value": "Platform BIOS changes are needed to enable AMD ROM Armor.\nPlease contact OEM supplier for the BIOS update."}, "name": "CVE-2022-23829", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-11T06:30:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-23829\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23829\nhttps://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1041"], "threat_severity": "Important"}