Description
Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- AMD / AMD Athlon™ 3000 Series Desktop Processors with Radeon™ GraphicsComboAM4PI_1.0.0.C – ComboAM4PI_1.0.0.C
- AMD / AMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsPicassoPI-FP5_1.0.1.2a – PicassoPI-FP5_1.0.1.2a
- AMD / AMD EPYC™ 4004 Series ProcessorsComboAM5PI_1.2.0.2a – ComboAM5PI_1.2.0.2a
- AMD / AMD EPYC™ 7001 Series ProcessorsNaples 1.0.0.Q – Naples 1.0.0.Q
- AMD / AMD EPYC™ 7002 Series ProcessorsRome PI 1.0.0.M – Rome PI 1.0.0.M
- AMD / AMD EPYC™ 7003 Series ProcessorsMilanPI 1.0.0.D – MilanPI 1.0.0.D
- AMD / AMD EPYC™ 8004 Series ProcessorsGenoaPI 1.0.0.D – GenoaPI 1.0.0.D
- AMD / AMD EPYC™ 9004 Series ProcessorsGenoaPI 1.0.0.D – GenoaPI 1.0.0.D
- AMD / AMD EPYC™ Embedded 3000 Series ProcessorsSnowyOwl PI 1.1.0.F – SnowyOwl PI 1.1.0.F
- AMD / AMD EPYC™ Embedded 7002 Series ProcessorsEmbRomePI-SP3_1.0.0.E – EmbRomePI-SP3_1.0.0.E
- AMD / AMD EPYC™ Embedded 7003 Series ProcessorsEmbMilanPI-SP3 1.0.0.A – EmbMilanPI-SP3 1.0.0.A
- AMD / AMD EPYC™ Embedded 9004 Series ProcessorsEmbGenoaPI-SP5 1.0.0.8 – EmbGenoaPI-SP5 1.0.0.8
- AMD / AMD EPYC™ Embedded 97X4 Series ProcessorsEmbGenoaPI-SP5 1.0.0.8 – EmbGenoaPI-SP5 1.0.0.8
- AMD / AMD Ryzen™ 3000 Series Desktop ProcessorsComboAM4PI_1.0.0.C – ComboAM4PI_1.0.0.C
- AMD / AMD Ryzen™ 3000 Series Desktop ProcessorsComboAM4v2PI_1.2.0.D – ComboAM4v2PI_1.2.0.D
- AMD / AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ GraphicsPicassoPI-FP5_1.0.1.2a – PicassoPI-FP5_1.0.1.2a
- AMD / AMD Ryzen™ 4000 Series Desktop ProcessorsComboAM4v2PI_1.2.0.D – ComboAM4v2PI_1.2.0.D
- AMD / AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsRenoirPI-FP6 1.0.0.Ea – RenoirPI-FP6 1.0.0.Ea
- AMD / AMD Ryzen™ 5000 Series Desktop ProcessorsComboAM4v2PI_1.2.0.D – ComboAM4v2PI_1.2.0.D
- AMD / AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsComboAM4v2PI_1.2.0.D – ComboAM4v2PI_1.2.0.D
- AMD / AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6_1.0.1.1a – CezannePI-FP6_1.0.1.1a
- AMD / AMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsRembrandtPI-FP7_1.0.0.Ba – RembrandtPI-FP7_1.0.0.Ba
- AMD / AMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI_1.2.0.2a – ComboAM5PI_1.2.0.2a
- AMD / AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6_1.0.1.1a – CezannePI-FP6_1.0.1.1a
- AMD / AMD Ryzen™ 7035 Series Processors with Radeon™ GraphicsRembrandtPI-FP7_1.0.0.Ba – RembrandtPI-FP7_1.0.0.Ba
- AMD / AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ GraphicsPhoenixPI-FP8-FP7_1.1.8.0 – PhoenixPI-FP8-FP7_1.1.8.0
- AMD / AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ GraphicsDragonRangeFL1_1.0.0.3f – DragonRangeFL1_1.0.0.3f
- AMD / AMD Ryzen™ 8000 Series Desktop ProcessorsComboAM5PI_1.2.0.2a – ComboAM5PI_1.2.0.2a
- AMD / AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ GraphicsPhoenixPI-FP8-FP7_1.1.8.0 – PhoenixPI-FP8-FP7_1.1.8.0
- AMD / AMD Ryzen™ 9000 Series Desktop ProcessorsComboAM5PI_1.2.0.2a – ComboAM5PI_1.2.0.2a
- AMD / AMD Ryzen™ Embedded 5000 Series ProcessorsEmbAM4PI 1.0.0.7 – EmbAM4PI 1.0.0.7
- AMD / AMD Ryzen™ Embedded 7000 Series ProcessorsEmbeddedAM5PI 1.0.0.3 – EmbeddedAM5PI 1.0.0.3
- AMD / AMD Ryzen™ Embedded V2000 Series ProcessorsEmbeddedPI-FP6_1.0.0.B – EmbeddedPI-FP6_1.0.0.B
- AMD / AMD Ryzen™ Embedded V3000 Series ProcessorsEmbedded-PI_FP7r2 100A – Embedded-PI_FP7r2 100A
- AMD / AMD Ryzen™ Threadripper™ 3000 ProcessorsCastlePeakPI-SP3r3 1.0.0.D – CastlePeakPI-SP3r3 1.0.0.D
- AMD / AMD Ryzen™ Threadripper™ PRO 3000 WX-Series ProcessorsCastlePeakWSPI-sWRX8 1.0.0.F – CastlePeakWSPI-sWRX8 1.0.0.F
- AMD / AMD Ryzen™ Threadripper™ PRO 3000 WX-Series ProcessorsChagallWSPI-sWRX8-1.0.0.A – ChagallWSPI-sWRX8-1.0.0.A
- AMD / AMD Ryzen™ Threadripper™ PRO 5000 WX-Series ProcessorsChagallWSPI-sWRX8-1.0.0.A – ChagallWSPI-sWRX8-1.0.0.A