CVE-2022-23817 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7 HIGH	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
amd	ryzen_3_3300x_firmware	𝑥 < comboam4v2_1.2.0.a	ADP
amd	ryzen_3_3300u_firmware	𝑥 < picassopi-fp5_1.0.0.e	ADP
amd	ryzen_3_pro_3200g_firmware	𝑥 < comboam4v2_pi_1.2.0.8	ADP
amd	ryzen_5_7500f_firmware	𝑥 < comboam5_1.0.8.0	ADP
amd	ryzen_threadripper_pro_3995wx_firmware	𝑥 < castlepeakpi-sp3r3_1.0.0.8	ADP
amd	ryzen_threadripper_pro_3995wx_firmware	𝑥 < castlepeakwspi-swrx8_1.0.0.a	ADP
amd	ryzen_threadripper_pro_5995wx_firmware	𝑥 < chagallwspi-swrx8_1.0.0.5	ADP
amd	ryzen_3_4300u_firmware	𝑥 < renoirpi-fp6_1.0.0.a	ADP
amd	ryzen_5_6600u_firmware	𝑥 < rembrandtpi-fp7_1.0.0.5	ADP
amd	ryzen_3_7335u_firmware	𝑥 < rembrandtpi-fp7_1.0.0.5	ADP
amd	ryzen_7_7745hx_firmware	𝑥 < dragonrangefl1pi_1.0.0.3b	ADP
amd	ryzen_5_5600x_firmware	𝑥 < comboam4v2_pi_1.2.0.8	ADP
amd	ryzen_3_5300g_firmware	𝑥 < cezannepi-fp6_1.0.0.c	ADP
amd	ryzen_3_5425c_firmware	𝑥 < cezannepi-fp6_1.0.0.c	ADP
amd	athlon_pro_300ge_firmware	𝑥 < picassopi-fp5_1.0.0.e	ADP

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html