CVE-2022-23821

Description

Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.

Affected products

• AMD / AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”various – various
• AMD / AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"various – various
• AMD / AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”various – various
• AMD / AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”various – various
• AMD / AMD Ryzen™ Embedded 5000various – various
• AMD / AMD Ryzen™ Embedded R1000various – various
• AMD / AMD Ryzen™ Embedded R2000various – various
• AMD / AMD Ryzen™ Embedded V1000various – various
• AMD / AMD Ryzen™Embedded V2000various – various
• AMD / AMD Ryzen™Embedded V3000various – various
• AMD / Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4various – various
• AMD / Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5various – various
• AMD / Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”various – various
• AMD / Ryzen™ 3000 Series Desktop Processors “Matisse”various – various
• AMD / Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5various – various
• AMD / Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6various – various
• AMD / Ryzen™ 5000 Series Desktop Processors “Vermeer”various – various
• AMD / Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”various – various
• AMD / Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”various – various
• AMD / Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”various – various
• AMD / Ryzen™ Threadripper™ 2000 Series Processors “Colfax”various – various
• AMD / Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDTvarious – various
• AMD / Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WSvarious – various
• AMD / Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3various – various

References

• MISChttps://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002
• MISChttps://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001