Lucene search

[email protected]CVE-2022-23830

HistoryNov 14, 2023 - 7:15 p.m.

CVE-2022-23830

2023-11-1419:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2022-23830

nvd

smm configuration

snp

guest memory integrity

security vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.0005 Low

EPSS

Percentile

16.6%

JSON

SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.

CPENameOperatorVersion
amd:epyc_9654p_firmwareamd epyc 9654p firmwareltgenoapi_1.0.0.1
amd:epyc_9654_firmwareamd epyc 9654 firmwareltgenoapi_1.0.0.1
amd:epyc_9634_firmwareamd epyc 9634 firmwareltgenoapi_1.0.0.1
amd:epyc_9554p_firmwareamd epyc 9554p firmwareltgenoapi_1.0.0.1
amd:epyc_9554_firmwareamd epyc 9554 firmwareltgenoapi_1.0.0.1
amd:epyc_9534_firmwareamd epyc 9534 firmwareltgenoapi_1.0.0.1
amd:epyc_9474f_firmwareamd epyc 9474f firmwareltgenoapi_1.0.0.1
amd:epyc_9454p_firmwareamd epyc 9454p firmwareltgenoapi_1.0.0.1
amd:epyc_9454_firmwareamd epyc 9454 firmwareltgenoapi_1.0.0.1
amd:epyc_9374f_firmwareamd epyc 9374f firmwareltgenoapi_1.0.0.1

CPE	Name	Operator	Version
amd:epyc_9654p_firmware	amd epyc 9654p firmware	lt	genoapi_1.0.0.1
amd:epyc_9654_firmware	amd epyc 9654 firmware	lt	genoapi_1.0.0.1
amd:epyc_9634_firmware	amd epyc 9634 firmware	lt	genoapi_1.0.0.1
amd:epyc_9554p_firmware	amd epyc 9554p firmware	lt	genoapi_1.0.0.1
amd:epyc_9554_firmware	amd epyc 9554 firmware	lt	genoapi_1.0.0.1
amd:epyc_9534_firmware	amd epyc 9534 firmware	lt	genoapi_1.0.0.1
amd:epyc_9474f_firmware	amd epyc 9474f firmware	lt	genoapi_1.0.0.1
amd:epyc_9454p_firmware	amd epyc 9454p firmware	lt	genoapi_1.0.0.1
amd:epyc_9454_firmware	amd epyc 9454 firmware	lt	genoapi_1.0.0.1
amd:epyc_9374f_firmware	amd epyc 9374f firmware	lt	genoapi_1.0.0.1

Rows per page:

1-10 of 651

References

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.0005 Low

EPSS

Percentile

16.6%

JSON

Related for CVE-2022-23830

prion1 cvelist1 amd2 nessus2 openvas3