Monthly
System Management Mode (SMM) handler in AMD Ryzen mobile, desktop, embedded, Threadripper, and EPYC processors allows privileged local attackers to execute arbitrary code in SMM by triggering a callout to attacker-controlled code in untrusted non-SMM memory. The vulnerability requires high complexity conditions, active user interaction, physical proximity or direct system access, and high privilege level; successful exploitation compromises system confidentiality, integrity, and availability. No public exploit identified at time of analysis.
System Management Mode (SMM) handler in AMD Ryzen mobile, desktop, embedded, Threadripper, and EPYC processors allows privileged local attackers to execute arbitrary code in SMM by triggering a callout to attacker-controlled code in untrusted non-SMM memory. The vulnerability requires high complexity conditions, active user interaction, physical proximity or direct system access, and high privilege level; successful exploitation compromises system confidentiality, integrity, and availability. No public exploit identified at time of analysis.