CVE-2022-23815

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-23815
Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:amd:athlon_silver_3050u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:athlon_silver_3050u:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:amd:athlon_gold_3150u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:athlon_gold_3150u:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:amd:ryzen_7_3780u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_7_3780u:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:amd:ryzen_7_3750h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_7_3750h:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:amd:ryzen_7_pro_3700u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_7_pro_3700u:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:amd:ryzen_7_3700u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_7_3700u:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:amd:ryzen_5_3580u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_5_3580u:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:amd:ryzen_5_3550h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_5_3550h:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:amd:ryzen_5_3500u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_5_3500u:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:amd:ryzen_3_3300u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3_3300u:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:amd:ryzen_3_3250u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3_3250u:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:amd:ryzen_3_3200u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3_3200u:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:athlon_gold_pro_3150g:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:amd:athlon_gold_3150g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:athlon_gold_3150g:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:athlon_gold_pro_3150ge:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:amd:athlon_pro_300ge_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:athlon_pro_300ge:-:*:*:*:*:*:*:*
History

12 Dec 2024, 21:27

Type Values Removed Values Added
References () https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html - () https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html - Vendor Advisory
CWE CWE-787
CPE cpe:2.3:h:amd:athlon_gold_3150u:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_5_3500u:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_7_3780u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_7_3780u:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_5_3550h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_7_3700u:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_5_3550h:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3_3300u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_7_3750h:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:athlon_gold_pro_3150ge:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_7_3700u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:athlon_gold_pro_3150g:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:athlon_pro_300ge_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:athlon_silver_3050u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:athlon_pro_300ge:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_5_3580u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_7_3750h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_7_pro_3700u:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3_3250u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3_3250u:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:athlon_gold_3150g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:athlon_gold_3150g:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_5_3500u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3_3200u:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_5_3580u:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3_3300u:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:athlon_silver_3050u:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_7_pro_3700u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3_3200u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:amd:athlon_gold_3150u_firmware:*:*:*:*:*:*:*:*
Summary
  • (es) Una verificación de los límites inadecuada en el firmware APCB puede permitir que un atacante realice una escritura fuera de los límites, corrompiendo la entrada APCB y potencialmente llevando a la ejecución de código arbitrario.
First Time Amd ryzen 5 3550h Firmware
Amd ryzen 7 3700u Firmware
Amd athlon Gold Pro 3150g Firmware
Amd ryzen 3 3300u Firmware
Amd ryzen 7 Pro 3700u Firmware
Amd ryzen 3 3200u
Amd ryzen 3 3250u Firmware
Amd
Amd ryzen 7 3700u
Amd ryzen 7 3750h
Amd athlon Gold Pro 3150ge Firmware
Amd ryzen 5 3500u Firmware
Amd ryzen 5 3580u Firmware
Amd athlon Silver 3050u
Amd ryzen 3 3300u
Amd athlon Gold Pro 3150ge
Amd ryzen 7 3750h Firmware
Amd ryzen 7 3780u
Amd ryzen 3 3250u
Amd ryzen 7 3780u Firmware
Amd ryzen 5 3550h
Amd athlon Gold 3150g
Amd athlon Gold 3150u
Amd athlon Pro 300ge
Amd athlon Pro 300ge Firmware
Amd ryzen 3 3200u Firmware
Amd athlon Gold 3150u Firmware
Amd athlon Gold 3150g Firmware
Amd athlon Silver 3050u Firmware
Amd ryzen 5 3580u
Amd ryzen 7 Pro 3700u
Amd athlon Gold Pro 3150g
Amd ryzen 5 3500u

13 Aug 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-13 17:15

Updated : 2025-01-03 18:04

NVD link : CVE-2022-23815

Mitre link : CVE-2022-23815

CVE.ORG link : CVE-2022-23815

JSON object : View

Products Affected

amd

  • ryzen_3_3300u
  • ryzen_7_pro_3700u
  • athlon_gold_3150g
  • ryzen_3_3250u_firmware
  • ryzen_3_3200u_firmware
  • ryzen_5_3550h
  • ryzen_3_3250u
  • athlon_gold_pro_3150ge
  • ryzen_5_3550h_firmware
  • athlon_silver_3050u
  • ryzen_7_pro_3700u_firmware
  • ryzen_7_3700u
  • ryzen_5_3580u
  • athlon_gold_pro_3150ge_firmware
  • ryzen_3_3300u_firmware
  • athlon_gold_pro_3150g
  • ryzen_7_3750h
  • athlon_pro_300ge_firmware
  • ryzen_3_3200u
  • athlon_gold_pro_3150g_firmware
  • ryzen_5_3500u_firmware
  • ryzen_5_3580u_firmware
  • ryzen_7_3750h_firmware
  • ryzen_7_3780u_firmware
  • athlon_gold_3150u
  • ryzen_7_3700u_firmware
  • ryzen_7_3780u
  • athlon_pro_300ge
  • athlon_gold_3150g_firmware
  • ryzen_5_3500u
  • athlon_silver_3050u_firmware
  • athlon_gold_3150u_firmware
CWE
CWE-787

Out-of-bounds Write