Lucene search

[email protected]CVE-2022-27677

HistoryMar 01, 2023 - 8:15 a.m.

CVE-2022-27677

2023-03-0108:15:10

CWE-269

[email protected]

web.nvd.nist.gov

cve-2022-27677

amd ryzen master

privilege escalation

code execution

security

vulnerability

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low
privileges to modify files potentially leading to privilege escalation and code execution by the lower
privileged user.

CPENameOperatorVersion
amd:ryzen_masteramd ryzen masterlt2.10.1.2287
amd:ryzen_masteramd ryzen mastereq2.2.0.1543

CPE	Name	Operator	Version
amd:ryzen_master	amd ryzen master	lt	2.10.1.2287
amd:ryzen_master	amd ryzen master	eq	2.2.0.1543

References

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1052

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2022-27677

cvelist1 prion1 amd1 hp1