Description
A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentially resulting in loss of confidentiality, integrity, or availability.
CVSS breakdown
CVSS 4.0
Attack Vector
Local
Attack Complexity
Low
Attack Requirements
None
Privileges Required
High
User Interaction
None
Confidentiality (Vulnerable System)
Low
Integrity (Vulnerable System)
Low
Availability (Vulnerable System)
Low
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
Affected products
- AMD / AMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.0.0.b – ComboAM5PI 1.0.0.b
- AMD / AMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.1.0.3d – ComboAM5PI 1.1.0.3d
- AMD / AMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.2.0.3d – ComboAM5PI 1.2.0.3d
- AMD / AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ GraphicsDragonRangeFL1PI 1.0.0.3h – DragonRangeFL1PI 1.0.0.3h
- AMD / AMD Ryzen™ 8000 Series Desktop ProcessorsComboAM5PI 1.2.0.3d – ComboAM5PI 1.2.0.3d
- AMD / AMD Ryzen™ 8000 Series Desktop ProcessorsComboAM5PI 1.1.0.3d – ComboAM5PI 1.1.0.3d
- AMD / AMD Ryzen™ 9000HX Series Mobile ProcessorsFireRangeFL1PI 1.0.0.0a – FireRangeFL1PI 1.0.0.0a
- AMD / AMD Ryzen™ 9000 Series Desktop ProcessorsComboAM5PI 1.2.0.3d – ComboAM5PI 1.2.0.3d
- AMD / AMD Ryzen™ Embedded 7000 Series ProcessorsEmbeddedAM5PI 1.0.0.4 – EmbeddedAM5PI 1.0.0.4