System Management Mode Vulnerability in AMD Products
CVE-2026-0438

5.4 MEDIUM

What is CVE-2026-0438?

A vulnerability exists in the System Management Mode (SMM) of AMD processors that allows an attacker with high privileges to execute code from non-SMM memory. This scenario requires user interaction and specific preconditions, which increases the complexity of exploitation. If successful, an attacker could gain unauthorized access to system resources, undermining the confidentiality, integrity, and availability of the affected systems. Users of AMD processors should be aware of these risks and take necessary precautions.

Affected Version(s)

AMD EPYC™ 4004 Series Processors ComboAM5PI 1.0.0.d / ComboAM5PI 1.1.0.3f / ComboAM5PI_1.2.0.3i

AMD EPYC™ 4005 Series Processors ComboAM5PI_1.2.0.3i

AMD Ryzen™ 7000 Series Desktop Processors ComboAM5PI 1.0.0.d

CVSS V4

  • Score: 5.4
  • Severity: MEDIUM
  • Confidentiality: High
  • Integrity: High
  • Availability: High
  • Attack Vector: Physical
  • Attack Complexity: High
  • Attack Required: Physical
  • Privileges Required: Undefined
  • User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
