Description
Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction execution.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None
Affected products
- AMD / AMD EPYC™ 9005 Series ProcessorsTurinPI 1.0.0.4 – TurinPI 1.0.0.4
- AMD / AMD EPYC™ Embedded 9000 Series ProcessorsEmbturin PI 1.0.0.0 – Embturin PI 1.0.0.0
- AMD / AMD Ryzen™ 9000HX Series ProcessorsFireRangeFL1PI 1.0.0.0a – FireRangeFL1PI 1.0.0.0a
- AMD / AMD Ryzen™ 9000 Series Desktop ProcessorsComboAM5PI 1.2.0.3c – ComboAM5PI 1.2.0.3c
- AMD / AMD Ryzen™ AI 300 Series ProcessorsStrixKrackanPI-FP8_1.1.0.1b – StrixKrackanPI-FP8_1.1.0.1b
- AMD / AMD Ryzen™ Al Max+StrixHaloPI-FP11_1.0.0.1 – StrixHaloPI-FP11_1.0.0.1
- AMD / AMD Ryzen™ Threadripper™ 9000 seriesShimadaPeakPI-SP6 1.0.0.1 – ShimadaPeakPI-SP6 1.0.0.1