AMD Ryzen Processors CVE-2026-0438

Q: What is the CVSS score of CVE-2026-0438?

CVE-2026-0438 has a CVSS 4.0 base score of 5.4 (Medium). CVSS vector: CVSS:4.0/AV:P/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-30496 MEDIUM

Data Resource Access without Use of Connection Pooling (CWE-1072)

2026-05-15 AMD

GHSA-783m-hm3h-gh75

Information Disclosure

5.4

CVSS 4.0

CVSS:4.0/AV:P/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Physical

Attack Complexity

High

Privileges Required

High

User Interaction

Scope

Lifecycle Timeline

Analysis Generated

May 15, 2026 - 04:16 vuln.today

CVSS changed

May 15, 2026 - 02:22 NVD

5.4 (MEDIUM)

CVE Published

May 15, 2026 - 01:41 nvd

UNKNOWN (no severity yet)

CVE Published

May 15, 2026 - 01:41 nvd

MEDIUM 5.4

DescriptionNVD

A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially compromising the system’s confidentiality, integrity, and availability.

AnalysisAI

System Management Mode (SMM) handler in AMD Ryzen mobile, desktop, embedded, Threadripper, and EPYC processors allows privileged local attackers to execute arbitrary code in SMM by triggering a callout to attacker-controlled code in untrusted non-SMM memory. The vulnerability requires high complexity conditions, active user interaction, physical proximity or direct system access, and high privilege level; successful exploitation compromises system confidentiality, integrity, and availability. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-0438 vulnerability details – vuln.today

Back

AMD Ryzen Processors CVE-2026-0438

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

AMD Ryzen Processors CVE-2026-0438

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code