Vulnerabilities > CVE-2022-23815 - Out-of-bounds Write vulnerability in AMD products

CVSS 8.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

amd

CWE-787

NVD

Published: 2024-08-13

Updated: 2024-12-12

Summary

Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution.

Vulnerable Configurations

Part	Description	Count
OS	Amd AMD Athlon Silver 3050U Firmware - AMD Athlon Gold 3150U Firmware - AMD Ryzen 7 3780U Firmware - AMD Ryzen 7 3750H Firmware - AMD Ryzen 7 PRO 3700U Firmware - AMD Ryzen 7 3700U Firmware - AMD Ryzen 5 3580U Firmware - AMD Ryzen 5 3550H Firmware - AMD Ryzen 5 3500U Firmware - AMD Ryzen 3 3300U Firmware - AMD Ryzen 3 3300U Firmware Comboam4Pi_1.0.0.9 AMD Ryzen 3 3300U Firmware Comboam4V2Pi_1.2.0.8 AMD Ryzen 3 3250U Firmware - AMD Ryzen 3 3250U Firmware Comboam4Pi_1.0.0.9 AMD Ryzen 3 3250U Firmware Comboam4V2Pi_1.2.0.8 AMD Ryzen 3 3200U Firmware - AMD Ryzen 3 3200U Firmware Comboam4Pi_1.0.0.9 AMD Ryzen 3 3200U Firmware Comboam4V2Pi_1.2.0.8 AMD Athlon Gold PRO 3150G Firmware - AMD Athlon Gold 3150G Firmware - AMD Athlon Gold PRO 3150Ge Firmware - AMD Athlon PRO 300Ge Firmware -	22
Hardware	Amd AMD Athlon Silver 3050U - AMD Athlon Gold 3150U - AMD Ryzen 7 3780U - AMD Ryzen 7 3750H - AMD Ryzen 7 PRO 3700U - AMD Ryzen 7 3700U - AMD Ryzen 5 3580U - AMD Ryzen 5 3550H - AMD Ryzen 5 3500U - AMD Ryzen 3 3300U - AMD Ryzen 3 3250U - AMD Ryzen 3 3200U - AMD Athlon Gold PRO 3150G - AMD Athlon Gold 3150G - AMD Athlon Gold PRO 3150Ge - AMD Athlon PRO 300Ge -	16

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html