CVE-2022-23815

HIGH EPSS 5.9%
Published Aug 13, 20241y ago · Modified Jun 17, 20262w ago
8.2 CVSS 3.1
High
Find Similar
Published Aug 13, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution.

CVSS Details

Base Score
8.2
Exploitability
1.5
Impact
6.0
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Changed
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
5.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 32

VendorProductVersionRange
amdathlon_silver_3050u_firmware* <picassopi-fp5_1.0.0.e
amdathlon_silver_3050u*any
amdathlon_gold_3150u_firmware* <picassopi-fp5_1.0.0.e
amdathlon_gold_3150u*any
amdryzen_7_3780u_firmware* <picassopi-fp5_1.0.0.e
amdryzen_7_3780u*any
amdryzen_7_3750h_firmware* <picassopi-fp5_1.0.0.e
amdryzen_7_3750h*any
amdryzen_7_pro_3700u_firmware* <picassopi-fp5_1.0.0.e
amdryzen_7_pro_3700u*any
amdryzen_7_3700u_firmware* <picassopi-fp5_1.0.0.e
amdryzen_7_3700u*any
amdryzen_5_3580u_firmware* <picassopi-fp5_1.0.0.e
amdryzen_5_3580u*any
amdryzen_5_3550h_firmware* <picassopi-fp5_1.0.0.e
amdryzen_5_3550h*any
amdryzen_5_3500u_firmware* <picassopi-fp5_1.0.0.e
amdryzen_5_3500u*any
amdryzen_3_3300u_firmware* <picassopi-fp5_1.0.0.e
amdryzen_3_3300u*any
amdryzen_3_3250u_firmware* <picassopi-fp5_1.0.0.e
amdryzen_3_3250u*any
amdryzen_3_3200u_firmware* <picassopi-fp5_1.0.0.e
amdryzen_3_3200u*any
amdathlon_gold_pro_3150g_firmware*any
amdathlon_gold_pro_3150g*any
amdathlon_gold_3150g_firmware*any
amdathlon_gold_3150g*any
amdathlon_gold_pro_3150ge_firmware*any
amdathlon_gold_pro_3150ge*any
amdathlon_pro_300ge_firmware*any
amdathlon_pro_300ge*any

References 1

  • amd.com https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.