Nixpkgs Security Tracker

Untriaged

Permalink CVE-2022-23820

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): HIGH
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Failure to validate the AMD SMM communication buffer may allow …

Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.

References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 vendor-advisory x_transferred
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 vendor-advisory x_transferred
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 vendor-advisory x_transferred

Affected products

==Various
==Various
==various
==various

AMD EPYC™ Embedded 7003

==various
==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

nixos-unstable -
- nixpkgs-unstable 0.12.0

pkgs.perlPackages.PPI

Parse, Analyze and Manipulate Perl (without perl)

nixos-unstable -
- nixpkgs-unstable 1.277

pkgs.perl538Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

nixos-unstable -
- nixpkgs-unstable 1.277

pkgs.perl540Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

nixos-unstable -
- nixpkgs-unstable 1.277

pkgs.perlPackages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

nixos-unstable -
- nixpkgs-unstable 0.28

pkgs.perlPackages.PDFAPI2

Create, modify, and examine PDF files

nixos-unstable -
- nixpkgs-unstable API2-2.045

pkgs.haskellPackages.hsPID

PID control loop

nixos-unstable -
- nixpkgs-unstable 0.1.2

pkgs.spirv-llvm-translator

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

nixos-unstable -
- nixpkgs-unstable 19.1.10

pkgs.perl538Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

nixos-unstable -
- nixpkgs-unstable 0.28

pkgs.perl540Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

nixos-unstable -
- nixpkgs-unstable 0.28

pkgs.perlPackages.PPIxUtils

Utility functions for PPI

nixos-unstable -
- nixpkgs-unstable 0.003

pkgs.perl538Packages.PDFAPI2

Create, modify, and examine PDF files

nixos-unstable -
- nixpkgs-unstable API2-2.045

pkgs.perl540Packages.PDFAPI2

Create, modify, and examine PDF files

nixos-unstable -
- nixpkgs-unstable API2-2.045

pkgs.perlPackages.PPIxRegexp

Parse regular expressions

nixos-unstable -
- nixpkgs-unstable 0.088

pkgs.perlPackages.ProcPIDFile

Manage process id files

nixos-unstable -
- nixpkgs-unstable 1.29

pkgs.haskellPackages.EdisonAPI

A library of efficient, purely-functional data structures (API)

nixos-unstable -
- nixpkgs-unstable 1.3.3.2

pkgs.perl538Packages.PPIxUtils

Utility functions for PPI

nixos-unstable -
- nixpkgs-unstable 0.003

pkgs.perl540Packages.PPIxUtils

Utility functions for PPI

nixos-unstable -
- nixpkgs-unstable 0.003

pkgs.perlPackages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

nixos-unstable -
- nixpkgs-unstable 0.21

pkgs.perl538Packages.PPIxRegexp

Parse regular expressions

nixos-unstable -
- nixpkgs-unstable 0.088

pkgs.perl540Packages.PPIxRegexp

Parse regular expressions

nixos-unstable -
- nixpkgs-unstable 0.088

pkgs.perlPackages.OpenAPIClient

Client for talking to an Open API powered server

nixos-unstable -
- nixpkgs-unstable 1.07

pkgs.perlPackages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

nixos-unstable -
- nixpkgs-unstable 0.023

pkgs.perlPackages.PPIxUtilities

Extensions to PPI|PPI

nixos-unstable -
- nixpkgs-unstable 1.001000

pkgs.perl538Packages.ProcPIDFile

Manage process id files

nixos-unstable -
- nixpkgs-unstable 1.29

pkgs.perl540Packages.ProcPIDFile

Manage process id files

nixos-unstable -
- nixpkgs-unstable 1.29

pkgs.perl538Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

nixos-unstable -
- nixpkgs-unstable 0.21

pkgs.perl540Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

nixos-unstable -
- nixpkgs-unstable 0.21

pkgs.perl538Packages.OpenAPIClient

Client for talking to an Open API powered server

nixos-unstable -
- nixpkgs-unstable 1.07

pkgs.perl538Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

nixos-unstable -
- nixpkgs-unstable 0.023

pkgs.perl538Packages.PPIxUtilities

Extensions to PPI|PPI

nixos-unstable -
- nixpkgs-unstable 1.001000

pkgs.perl540Packages.OpenAPIClient

Client for talking to an Open API powered server

nixos-unstable -
- nixpkgs-unstable 1.07

pkgs.perl540Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

nixos-unstable -
- nixpkgs-unstable 0.023

pkgs.perl540Packages.PPIxUtilities

Extensions to PPI|PPI

nixos-unstable -
- nixpkgs-unstable 1.001000

pkgs.perlPackages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

nixos-unstable -
- nixpkgs-unstable 5.09

pkgs.perl538Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

nixos-unstable -
- nixpkgs-unstable 5.09

pkgs.perl540Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

nixos-unstable -
- nixpkgs-unstable 5.09

Package maintainers

@invokes-su Souvik Sen <nixpkgs-commits@deshaw.com>
@despsyched Priyanshu Tripathi <priyanshu.tripathi@deshaw.com>
@de11n Elliot Cameron <nixpkgs-commits@deshaw.com>
@stigtsp Stig Palmquist <stig@stig.io>
@gloaming Craig Hall <ch9871@gmail.com>
@s0me1newithhand7s hand7s <s0me1newithhand7s@gmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.spoofdpi

pkgs.perlPackages.PPI

pkgs.perl538Packages.PPI

pkgs.perl540Packages.PPI

pkgs.perlPackages.GSSAPI

pkgs.perlPackages.PDFAPI2

pkgs.haskellPackages.hsPID

pkgs.spirv-llvm-translator

pkgs.perl538Packages.GSSAPI

pkgs.perl540Packages.GSSAPI

pkgs.perlPackages.PPIxUtils

pkgs.perl538Packages.PDFAPI2

pkgs.perl540Packages.PDFAPI2

pkgs.perlPackages.PPIxRegexp

pkgs.perlPackages.ProcPIDFile

pkgs.haskellPackages.EdisonAPI

pkgs.perl538Packages.PPIxUtils

pkgs.perl540Packages.PPIxUtils

pkgs.perlPackages.WWWTwilioAPI

pkgs.perl538Packages.PPIxRegexp

pkgs.perl540Packages.PPIxRegexp

pkgs.perlPackages.OpenAPIClient

pkgs.perlPackages.PPIxQuoteLike

pkgs.perlPackages.PPIxUtilities

pkgs.perl538Packages.ProcPIDFile

pkgs.perl540Packages.ProcPIDFile

pkgs.perl538Packages.WWWTwilioAPI

pkgs.perl540Packages.WWWTwilioAPI

pkgs.perl538Packages.OpenAPIClient

pkgs.perl538Packages.PPIxQuoteLike

pkgs.perl538Packages.PPIxUtilities

pkgs.perl540Packages.OpenAPIClient

pkgs.perl540Packages.PPIxQuoteLike

pkgs.perl540Packages.PPIxUtilities

pkgs.perlPackages.MojoliciousPluginOpenAPI

pkgs.perl538Packages.MojoliciousPluginOpenAPI

pkgs.perl540Packages.MojoliciousPluginOpenAPI

Package maintainers