CVE-2022-23821
CVE-2022-23821
In short
A security flaw in System Management Mode allows attackers to write malicious code to a computer's firmware storage, potentially taking complete control of the system. This happens because access controls in a low-level part of the operating system are not properly enforced.
Technical detail
An improper access control vulnerability in SMM allows an attacker with local or physical access to write arbitrary data to SPI ROM (firmware storage), potentially leading to arbitrary code execution at the highest privilege level. The vulnerability stems from insufficient validation of write operations to persistent memory regions accessible during SMM execution.
Summary generated and translated by AI from the official description.
Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.
Affected products
AMD · AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”AMD · AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"AMD · AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”AMD · AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”AMD · AMD Ryzen™ Embedded 5000AMD · AMD Ryzen™ Embedded R1000AMD · AMD Ryzen™ Embedded R2000AMD · AMD Ryzen™ Embedded V1000AMD · AMD Ryzen™ Embedded V2000AMD · AMD Ryzen™ Embedded V3000AMD · Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4AMD · Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5AMD · Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”AMD · Ryzen™ 3000 Series Desktop Processors “Matisse”AMD · Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5AMD · Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6AMD · Ryzen™ 5000 Series Desktop Processors “Vermeer”AMD · Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”AMD · Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”AMD · Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”AMD · Ryzen™ Threadripper™ 2000 Series Processors “Colfax”AMD · Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDTAMD · Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WSAMD · Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →