Skip to main content

Amd Ryzen 9000 Series Desktop Processors Formerly Codenamed Granite Ridge

2 CVEs product

Monthly

CVE-2026-0438 MEDIUM This Month

System Management Mode (SMM) handler in AMD Ryzen mobile, desktop, embedded, Threadripper, and EPYC processors allows privileged local attackers to execute arbitrary code in SMM by triggering a callout to attacker-controlled code in untrusted non-SMM memory. The vulnerability requires high complexity conditions, active user interaction, physical proximity or direct system access, and high privilege level; successful exploitation compromises system confidentiality, integrity, and availability. No public exploit identified at time of analysis.

Information Disclosure Red Hat Suse Amd Epyc 4004 Series Processors Amd Ryzen 7040 Series Mobile Processors With Radeon Graphics +23
NVD VulDB
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-54502 HIGH This Week

Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.

Privilege Escalation RCE Information Disclosure Amd Amd Epyc 7003 Series Processors +56
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
EPSS 0% CVSS 5.4
MEDIUM This Month

System Management Mode (SMM) handler in AMD Ryzen mobile, desktop, embedded, Threadripper, and EPYC processors allows privileged local attackers to execute arbitrary code in SMM by triggering a callout to attacker-controlled code in untrusted non-SMM memory. The vulnerability requires high complexity conditions, active user interaction, physical proximity or direct system access, and high privilege level; successful exploitation compromises system confidentiality, integrity, and availability. No public exploit identified at time of analysis.

Information Disclosure Red Hat Suse +25
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.

Privilege Escalation RCE Information Disclosure +58
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy