CVE-2022-23815
8.2
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitability: 1.5 / Impact: 6.0
Source: NVD
Description
Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution.
Affected (16)
Products: Amd: Athlon Silver 3050u Firmware, Athlon Gold 3150u Firmware, Ryzen 7 3780u Firmware, Ryzen 7 3750h Firmware, Ryzen 7 Pro 3700u Firmware, Ryzen 7 3700u Firmware, Ryzen 5 3580u Firmware, Ryzen 5 3550h Firmware, Ryzen 5 3500u Firmware, Ryzen 3 3300u Firmware, Ryzen 3 3250u Firmware, Ryzen 3 3200u Firmware, Athlon Gold Pro 3150g Firmware, Athlon Gold 3150g Firmware, Athlon Gold Pro 3150ge Firmware, Athlon Pro 300ge Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before picassopi-fp5_1.0.0.e |
| Running on/with | Platform Versions |
|---|---|
Amd Athlon Silver 3050u | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before picassopi-fp5_1.0.0.e |
| Running on/with | Platform Versions |
|---|---|
Amd Athlon Gold 3150u | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before picassopi-fp5_1.0.0.e |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 7 3780u | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before picassopi-fp5_1.0.0.e |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 7 3750h | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before picassopi-fp5_1.0.0.e |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 7 Pro 3700u | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before picassopi-fp5_1.0.0.e |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 7 3700u | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before picassopi-fp5_1.0.0.e |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 3580u | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before picassopi-fp5_1.0.0.e |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 3550h | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before picassopi-fp5_1.0.0.e |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 3500u | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before picassopi-fp5_1.0.0.e |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 3300u | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before picassopi-fp5_1.0.0.e |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 3250u | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before picassopi-fp5_1.0.0.e |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 3200u | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Amd Athlon Gold Pro 3150g | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Amd Athlon Gold 3150g | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Amd Athlon Gold Pro 3150ge | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Amd Athlon Pro 300ge | All versions |
References (1)
Source: psirt@amd.com
Vendor Advisory
Timeline
No history available yet.