CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
9.0%
Bulletin ID: AMD-SB-1041 **Potential Impact:**System Integrity **Severity:**High
Potential weaknesses in AMD’s SPI protection features may allow an attacker to bypass the native System Management Mode (SMM) ROM protections.
CVE-2022-23829
A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.
Client
AMD Ryzen™ Threadripper™ PRO Processors 5900 WX-Series
AMD Ryzen™ 6000 Series Mobile Processors and Workstations
AMD Ryzen™ 7000 Series Desktop Processors
AMD Ryzen™ 5000 Series Mobile Processors
AMD Ryzen™ 5000 Series Desktop Processors
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD Ryzen™ 3000 Series Desktop Processors
AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
AMD Ryzen™ 4000 Series Mobile Processors
AMD Ryzen™ 3000 Series Mobile Processor / 2nd Gen AMD Ryzen™ Mobile Processor with Radeon™ Graphics
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD Ryzen™ Threadripper™ PRO Processor
Server
1st Gen AMD EPYC™ Processors
2nd Gen AMD EPYC™ Processors
3rd Gen AMD EPYC™ Processors
Embedded Processors
AMD EPYC™ Embedded 3000
AMD EPYCTM Embedded 7002
AMD EPYC™ Embedded 7003
AMD RyzenTM Embedded R1000
AMD RyzenTM Embedded R2000
AMD RyzenTM Embedded 5000
AMD RyzenTM Embedded V1000
AMD RyzenTM Embedded V2000
AMD RyzenTM Embedded V3000
Platform BIOS changes released to AMD customers are needed to mitigate this issue.
Contact your OEM supplier for the BIOS update specific to your system.