Description
A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- AMD / 1st Gen AMD EPYC™ Processorsvarious – various
- AMD / 2nd Gen AMD EPYC™ Processorsvarious – various
- AMD / 3rd Gen AMD EPYC™ Processorsvarious – various
- AMD / AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphicsvarious – various
- AMD / AMD EPYC™ Embedded 3000various – various
- AMD / AMD EPYC™ Embedded 7003various – various
- AMD / AMD EPYC(TM) Embedded 7002various – various
- AMD / AMD Ryzen™ 3000 Series Desktop Processorsvarious – various
- AMD / AMD Ryzen™ 3000 Series Mobile Processor / 2nd Gen AMD Ryzen™ Mobile Processor with Radeon™ Graphicsvarious – various
- AMD / AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphicsvarious – various
- AMD / AMD Ryzen™ 4000 Series Mobile Processorsvarious – various
- AMD / AMD Ryzen™ 5000 Series Desktop Processorsvarious – various
- AMD / AMD Ryzen™ 5000 Series Mobile Processorsvarious – various
- AMD / AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphicsvarious – various
- AMD / AMD Ryzen™ 6000 Series Mobile Processors and Workstationsvarious – various
- AMD / AMD Ryzen™ 7000 Series Desktop Processorsvarious – various
- AMD / AMD Ryzen™ Threadripper™ PRO Processorvarious – various
- AMD / AMD Ryzen™ Threadripper™ PRO Processors 5900 WX-Seriesvarious – various
- AMD / AMD RyzenTM Embedded 5000various – various
- AMD / AMD RyzenTM Embedded R1000various – various
- AMD / AMD RyzenTM Embedded R2000various – various
- AMD / AMD RyzenTM Embedded V1000various – various
- AMD / AMD RyzenTM Embedded V2000various – various
- AMD / AMD RyzenTM Embedded V3000various – various