CVE-2021-39298

8.8HIGH

Key Information:

Vendor: Amd
Status: 2nd Gen Epyc; 3rd Gen Epyc; Ryzen 2000 Series; Ryzen 3000 Series
Vendor: CVE Published:; 16 February 2022

Summary

A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.

Affected Version(s)

2nd Gen EPYC x86 Various

3rd Gen EPYC x86 various

Ryzen 2000 Series x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

https://www.amd.com/en/corporate/product-security/bulleti...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 16, 2022
Vulnerability Reserved
Aug 19, 2021

Collectors

NVD DatabaseMitre Database