Description
Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially resulting in arbitrary code execution at the SMM level.
Problem types
CWE-1220 Insufficient Granularity of Access Control
Product status
CastlePeakPI-SP3r3 1.0.0.C
ChagallWSPI-sWRX8-1.0.0.7
CezannePI-FP6_1.0.1.0
CastlePeakWSPI-sWRX8 1.0.0.E
ChagallWSPI-sWRX8-1.0.0.7
ComboAM4 1.0.0.B
ComboAM4v2PI_1.2.0.CA
Picasso-FP5 1.0.1.1
Picasso-FP5 1.0.1.1
ComboAM4v2PI_1.2.0.CA
ComboAM4 1.0.0.B
ComboAM5 1.2.0.0
PhoenixPI-FP8-FP7_1.1.0.2
Renoir-FP6 1.0.0.D
Rembrandt-FP7 1.0.0.A
ComboAM5 1.2.0.0
MendocinoPI-FT6_1.0.0.6
DragonRangeFL1 1.0.0.3d
Rembrandt-FP7 1.0.0.A
CezannePI-FP6_1.0.1.0
ComboAM4v2PI_1.2.0.CA
ComboAM4v2PI_1.2.0.CA
EmbeddedPI-FP5 120C
EmbeddedR2KPI-FP5_1003
EmbAM4PI 1.0.0.5
EmbeddedPI-FP5 120C
EmbeddedPI-FP6_1.0.0.A
Embedded-PI_FP7r2 1009
Credits
Reported through AMD Bug Bounty Program
References
www.amd.com/...es/product-security/bulletin/AMD-SB-4012.html
www.amd.com/...es/product-security/bulletin/AMD-SB-5007.html
