Description
Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- AMD / 3rd Gen AMD EPYC™ Processorsvarious – various
- AMD / AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4various – various
- AMD / AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”various – various
- AMD / AMD EPYC™ Embedded 7003various – various
- AMD / AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5various – various
- AMD / AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6various – various
- AMD / AMD Ryzen™ 5000 Series Desktop Processors “Vermeer”various – various
- AMD / AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”various – various
- AMD / AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”various – various
- AMD / AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”various – various
- AMD / AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”various – various
- AMD / AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"various – various
- AMD / AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”various – various
- AMD / AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”various – various
- AMD / AMD Ryzen™ Threadripper™ 2000 Series Processors “Colfax”Various – Various
- AMD / AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDTvarious – various
- AMD / AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WSvarious – various
- AMD / AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3various – various
- AMD / Ryzen™ 3000 Series Desktop Processors “Matisse”various – various