CVE-2022-27677

{"id": "CVE-2022-27677", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-03-01T08:15:10.407", "references": [{"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1052", "tags": ["Vendor Advisory"], "source": "psirt@amd.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "\nFailure to validate privileges during installation of AMD Ryzen\u2122 Master may allow an attacker with low\nprivileges to modify files potentially leading to privilege escalation and code execution by the lower\nprivileged user.\n\n"}], "lastModified": "2023-11-07T03:45:23.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:amd:ryzen_master:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "765AC34D-482D-457C-9369-6D4BF397C2F9", "versionEndExcluding": "2.10.1.2287"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@amd.com"}