Lucene search

Redhat.comRH:CVE-2022-23829

HistoryJun 19, 2024 - 5:09 p.m.

CVE-2022-23829

2024-06-1917:09:52

redhat.com

access.redhat.com

amd spi

bypassing protections

smm

bios update

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

A flaw was found in AMD SPI. The protection features may allow a malicious attacker with Ring0 kernel mode access to bypass the native System Management Mode (SMM) ROM protections.

Mitigation

Platform BIOS changes are needed to enable AMD ROM Armor.

Please contact OEM supplier for the BIOS update.

References

bugzilla.redhat.com/show_bug.cgi?id=2177122

nvd.nist.gov/vuln/detail/CVE-2022-23829

www.amd.com/en/corporate/product-security/bulletin/amd-sb-1041

www.cve.org/CVERecord?id=CVE-2022-23829

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for RH:CVE-2022-23829