Arbitrary Code Execution Vulnerability in AMD Firmware Products
CVE-2021-39298

8.8HIGH

Key Information:

Vendor: Amd
Status: 2nd Gen Epyc; 3rd Gen Epyc; Ryzen 2000 Series; Ryzen 3000 Series
Vendor: CVE Published:; 16 February 2022

What is CVE-2021-39298?

A security flaw has been identified in the interrupt handler of AMD's System Management Mode (SMM). This vulnerability could enable an attacker with elevated privileges to obtain access to the SMM, creating opportunities for arbitrary code execution. Such exploitation may allow malicious actors to circumvent security features embedded within the UEFI firmware, posing significant risks to the integrity and confidentiality of the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

2nd Gen EPYC x86 Various

3rd Gen EPYC x86 various

Ryzen 2000 Series x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

https://www.amd.com/en/corporate/product-security/bulleti...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 16, 2022
Vulnerability Reserved
Aug 19, 2021

JSON

Amd

What is CVE-2021-39298?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.