Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Improper input validation in the System Management Mode (SMM) communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of Memory Segment (TSEG) memory region, potentially resulting in loss of confidentiality or integrity.
AnalysisAI
Improper input validation in the System Management Mode (SMM) communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-124. Improper input validation in the System Management Mode (SMM) communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of Memory Segment (TSEG) memory region, potentially resulting in loss of confidentiality or integrity. Affected products include: Amd Amd Epyc™ 4004, Amd Amd Epyc™ 4005, Amd Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics, Amd Amd Ryzen™ 7040 Series Mobile Processors With Radeon™ Graphics, Amd Amd Ryzen™ 7045 Series Mobile Processors With Radeon™ Graphics.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Same weakness CWE-124 – Buffer Underwrite ('Buffer Underflow')
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2024-55591
GHSA-qjgc-hx5r-r632