AMD Ryzen and Athlon Processors Improper System Call Parameter Validation Vulnerability Allowing Kernel Memory Corruption

A vulnerability exists in AMD Ryzen and Athlon processors due to improper validation of system call parameters in the Trusted Operating System. This flaw may enable a malicious driver to map or unmap a large number of pages, potentially leading to corruption of kernel memory. Affected processors include various models within the Ryzen 3000, 4000, 5000, 7000, 8000, and Athlon 3000 series, as well as certain Ryzen Embedded and Ryzen Threadripper series processors.

Impact

Exploitation of this vulnerability could result in corruption of kernel memory, which may lead to arbitrary code execution or cause a denial-of-service condition by crashing the system.

Remediation

Users can update to the latest Platform Initialization (PI) version specific to their processor model. For AMD Ryzen and Athlon processors, this includes ComboAM4PI 1.0.0.9, PicassoPI-FP5 1.0.0.E, and several other specific versions. Consult the AMD Client Processor Revision Guide or contact your AMD Customer Engineering representative for guidance.