AMD Processors System Management Mode Memory Overwrite Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability has been identified in various AMD processors, including Ryzen and Athlon mobile and desktop series, as well as EPYC embedded series processors. It arises from improper input validation in System Management Mode (SMM), which could enable a privileged attacker to overwrite arbitrary memory. Such an overwrite may lead to arbitrary code execution at the SMM level.

Impact

Exploitation of this vulnerability could result in unauthorized memory modification, allowing arbitrary code execution within System Management Mode, a highly privileged execution environment.

Remediation

Users are advised to update to the latest Platform Initialization (PI) firmware version. Specific update instructions can be obtained from the original equipment manufacturer (OEM).

Added: Sep 6, 2025, 10:41 PM
Updated: Sep 6, 2025, 10:41 PM

Vulnerability Rating

Custom Algorithm
spread: 4.2
impact: 7.5
exploitability: 2.8
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.