CVE-2022-23815

CVSS 7.5 HIGHEPSS 0.2%CWE-787

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

13 Aug 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution.

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products

AMD · AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics AMD · AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics AMD · AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics AMD · AMD RyzenTM Embedded R1000 AMD · AMD RyzenTM Embedded R2000 AMD · AMD RyzenTM Embedded V1000

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html