FKIE_CVE-2022-23815
Vulnerability from fkie_nvd - Published: 2024-08-13 17:15 - Updated: 2026-06-17 04:30
Severity
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@amd.com | https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html | Vendor Advisory |
Impacted products
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various",
"versionType": "PI"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.F"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PollockPI-FT5 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD RyzenTM Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD RyzenTM Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPI-FP5 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD RyzenTM Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
]
}
],
"source": "psirt@amd.com"
},
{
"affectedData": [
{
"cpes": [
"cpe:2.3:h:amd:athlon_3000g:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "athlon_3000g",
"vendor": "amd",
"versions": [
{
"status": "affected",
"version": "various"
},
{
"status": "unaffected",
"version": "1.0.0.F"
},
{
"status": "unaffected",
"version": "1.0.0.5"
},
{
"status": "unaffected",
"version": "1.0.0.E"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ryzen_embedded_r1000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.2.0.A"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ryzen_embedded_r2000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ryzen_embedded_v1000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.2.0.A"
}
]
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:athlon_silver_3050u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03194384-10A2-4B6D-BED1-C01908249969",
"versionEndExcluding": "picassopi-fp5_1.0.0.e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:athlon_silver_3050u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFF28BE-F049-4716-AADE-643FABB753A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:athlon_gold_3150u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5752E4C7-FB24-4E31-ABB0-EB9F09AEECCC",
"versionEndExcluding": "picassopi-fp5_1.0.0.e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:athlon_gold_3150u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E11A9D-03EC-4014-BB1C-5286C694581B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:ryzen_7_3780u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56FC4E22-6DCE-4DF0-A30E-B7574BE36FD6",
"versionEndExcluding": "picassopi-fp5_1.0.0.e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:ryzen_7_3780u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E677F6F8-3F5A-4457-8B66-D5C06DA4CB4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:ryzen_7_3750h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "235E9B6E-4C2F-4C97-8E56-4ECD4B9D1969",
"versionEndExcluding": "picassopi-fp5_1.0.0.e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:ryzen_7_3750h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "228E3FBD-F997-402D-AE96-B14D66390700",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:ryzen_7_pro_3700u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D532BCD-50E7-41AC-91D3-A0135F2266EE",
"versionEndExcluding": "picassopi-fp5_1.0.0.e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:ryzen_7_pro_3700u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE1C3A6-06F5-4448-B7BE-54EED3672BBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:ryzen_7_3700u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CC0AC2E-CA16-46E5-A703-8DCD3EF82425",
"versionEndExcluding": "picassopi-fp5_1.0.0.e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:ryzen_7_3700u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C201AA2-D2FC-4240-A8F0-B8C55D7CCE31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:ryzen_5_3580u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3770F180-FB7C-410F-B49D-D30AA05326BC",
"versionEndExcluding": "picassopi-fp5_1.0.0.e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:ryzen_5_3580u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2EC993-8A65-416B-939F-1C707D596AF9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:ryzen_5_3550h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15FE9FAE-DEC6-42FA-8622-3D5B0C845928",
"versionEndExcluding": "picassopi-fp5_1.0.0.e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:ryzen_5_3550h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8C6F103-30CC-4738-B489-B12790836B1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:ryzen_5_3500u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E25EF8F6-B5F3-478C-9AB5-60B29497D2F7",
"versionEndExcluding": "picassopi-fp5_1.0.0.e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:ryzen_5_3500u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCDAE070-C41A-4D8C-BE0D-DBD434760749",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:ryzen_3_3300u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C5BE3C-6F3F-45A3-9F5C-A72CE30B3656",
"versionEndExcluding": "picassopi-fp5_1.0.0.e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:ryzen_3_3300u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9921AE2D-F497-47C8-B463-947E230CF4F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:ryzen_3_3250u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD8FA542-D8A5-4C7F-BF80-E79CE90D7D76",
"versionEndExcluding": "picassopi-fp5_1.0.0.e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:ryzen_3_3250u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C29793-1142-4506-8C32-3B89227BB3A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:ryzen_3_3200u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F0F843-A668-4BA3-9111-491BD115E0DA",
"versionEndExcluding": "picassopi-fp5_1.0.0.e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:ryzen_3_3200u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8921CB70-EE2E-4E18-8E6C-52B505E2D2E3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "420E8314-35B8-4A12-AD42-3914EBA51D4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:athlon_gold_pro_3150g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0FB0AF-E942-4257-A9F2-8077A753A169",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:athlon_gold_3150g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD375C2E-B976-4DAE-BF89-EFED1482DB28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:athlon_gold_3150g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6AE68ECE-5298-4BC1-AC24-5CF613389CDC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D689C088-F1F1-4368-B6AE-75D3F9582FB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:athlon_gold_pro_3150ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E09DC414-96EE-478E-847C-7ACB5915659B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amd:athlon_pro_300ge_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52DFA8C8-AD16-45B1-934F-AEE78C51DDAC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amd:athlon_pro_300ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F521757-7ABC-4CEB-AD06-2FD738216E8E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution."
},
{
"lang": "es",
"value": "Una verificaci\u00f3n de los l\u00edmites inadecuada en el firmware APCB puede permitir que un atacante realice una escritura fuera de los l\u00edmites, corrompiendo la entrada APCB y potencialmente llevando a la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2022-23815",
"lastModified": "2026-06-17T04:30:49.680",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "psirt@amd.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2022-23815",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T17:04:47.953819Z",
"version": "2.0.3"
}
}
]
},
"published": "2024-08-13T17:15:18.197",
"references": [
{
"source": "psirt@amd.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html"
}
],
"sourceIdentifier": "psirt@amd.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…