CVE-2022-23829

Description

A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.

Category

8.2
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.03%
Affected: AMD AMD Ryzen™ Threadripper™ PRO Processors 5900 WX-Series
Affected: AMD AMD Ryzen™ 6000 Series Mobile Processors and Workstations
Affected: AMD AMD Ryzen™ 7000 Series Desktop Processors
Affected: AMD AMD Ryzen™ 5000 Series Mobile Processors
Affected: AMD AMD Ryzen™ 5000 Series Desktop Processors
Affected: AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
Affected: AMD AMD Ryzen™ 3000 Series Desktop Processors
Affected: AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
Affected: AMD AMD Ryzen™ 4000 Series Mobile Processors
Affected: AMD AMD Ryzen™ 3000 Series Mobile Processor / 2nd Gen AMD Ryzen™ Mobile Processor with Radeon™ Graphics
Affected: AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
Affected: AMD AMD Ryzen™ Threadripper™ PRO Processor
Affected: AMD 1st Gen AMD EPYC™ Processors
Affected: AMD 2nd Gen AMD EPYC™ Processors
Affected: AMD 3rd Gen AMD EPYC™ Processors
Affected: AMD AMD EPYC™ Embedded 3000
Affected: AMD AMD EPYC (TM) Embedded 7002
Affected: AMD AMD EPYC™ Embedded 7003
Affected: AMD AMD RyzenTM Embedded R1000
Affected: AMD AMD RyzenTM Embedded R2000
Affected: AMD AMD RyzenTM Embedded 5000
Affected: AMD AMD RyzenTM Embedded V1000
Affected: AMD AMD RyzenTM Embedded V2000
Affected: AMD AMD RyzenTM Embedded V3000
Published at:
Updated at:

References

Link Tags
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html

Frequently Asked Questions

What is the severity of CVE-2022-23829?
CVE-2022-23829 has been scored as a high severity vulnerability.
How to fix CVE-2022-23829?
To fix CVE-2022-23829, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-23829 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-23829 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-23829?
CVE-2022-23829 affects AMD AMD Ryzen™ Threadripper™ PRO Processors 5900 WX-Series, AMD AMD Ryzen™ 6000 Series Mobile Processors and Workstations, AMD AMD Ryzen™ 7000 Series Desktop Processors, AMD AMD Ryzen™ 5000 Series Mobile Processors, AMD AMD Ryzen™ 5000 Series Desktop Processors, AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics, AMD AMD Ryzen™ 3000 Series Desktop Processors, AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics, AMD AMD Ryzen™ 4000 Series Mobile Processors, AMD AMD Ryzen™ 3000 Series Mobile Processor / 2nd Gen AMD Ryzen™ Mobile Processor with Radeon™ Graphics, AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics, AMD AMD Ryzen™ Threadripper™ PRO Processor, AMD 1st Gen AMD EPYC™ Processors, AMD 2nd Gen AMD EPYC™ Processors, AMD 3rd Gen AMD EPYC™ Processors, AMD AMD EPYC™ Embedded 3000, AMD AMD EPYC (TM) Embedded 7002, AMD AMD EPYC™ Embedded 7003, AMD AMD RyzenTM Embedded R1000, AMD AMD RyzenTM Embedded R2000, AMD AMD RyzenTM Embedded 5000, AMD AMD RyzenTM Embedded V1000, AMD AMD RyzenTM Embedded V2000, AMD AMD RyzenTM Embedded V3000.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.