Description
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- AMD / AMD EPYC™ 7001 ProcessorsNaplesPI 1.0.0.K – NaplesPI 1.0.0.K
- AMD / AMD EPYC™ 7002 ProcessorsRomePI 1.0.0.G – RomePI 1.0.0.G
- AMD / AMD EPYC™ 7003 ProcessorsMilanPI 1.0.0.B – MilanPI 1.0.0.B
- AMD / AMD EPYC™ 9004 ProcessorsGenoaPI 1.0.0.2 – GenoaPI 1.0.0.2
- AMD / AMD EPYC™ Embedded 3000SnowyOwl PI 1.1.0.A – SnowyOwl PI 1.1.0.A
- AMD / AMD EPYC™ Embedded 7002EmbRomePI-SP3 1.0.0.A – EmbRomePI-SP3 1.0.0.A
- AMD / AMD EPYC™ Embedded 7003EmbMilanPI-SP3 1.0.0.7 – EmbMilanPI-SP3 1.0.0.7
- AMD / AMD EPYC™ Embedded 9003EmbGenoaPI-SP5 1.0.0.0 – EmbGenoaPI-SP5 1.0.0.0
- AMD / AMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsRembrandtPI-FP7 1.0.0.9b – RembrandtPI-FP7 1.0.0.9b
- AMD / AMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5 1.0.0.1 – ComboAM5 1.0.0.1
- AMD / AMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsMendocinoPI-FT6 1.0.0.0 – MendocinoPI-FT6 1.0.0.0
- AMD / AMD Ryzen™ 7035 Series Processors with Radeon™ GraphicsRembrandtPI-FP7 1.0.0.9b – RembrandtPI-FP7 1.0.0.9b
- AMD / AMD Ryzen™ Embedded 7000EmbeddedAM5PI 1.0.0.0 – EmbeddedAM5PI 1.0.0.0
- AMD / AMD Ryzen™ Threadripper™ PRO 5000WX ProcessorsChagallWSPI-sWRX8 1.0.0.7 – ChagallWSPI-sWRX8 1.0.0.7
- AMD / AMD RyzenTM Embedded V3000EmbeddedPI-FP7r2 1.0.0.8 – EmbeddedPI-FP7r2 1.0.0.8