Description
A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially compromising the system’s confidentiality, integrity, and availability.
Published: 2026-05-15
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A System Management Mode (SMM) handler can make a callout to code that resides in non-SMM, untrusted memory. This flaw, classified as CWE-1072, allows a highly privileged attacker to execute arbitrary, attacker-controlled code within SMM. The impact is loss of confidentiality, integrity, and availability for the entire system, because code running in SMM has access to all system resources and can override operating system controls.

Affected Systems

Affected AMD products include the EPYC 4004/4005 Series processors, all Ryzen 7000-to-9000 Series desktop and mobile processors, the Ryzen AI and Embedded series, the Ryzen Threadripper 7000/9000-PRO series, the Ryzen Z1 and Z2 series, and related chipset firmware. In all these cases the flaw resides in the processor firmware and affects systems running affected chips.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity. Exploitation requires a highly privileged attacker, active user interaction, and several preconditions, and the EPSS score is currently unavailable. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a privileged process that can invoke SMM, for example through driver code or firmware utilities that interact with SMM. Given the complexity and the need for user interaction, the risk in the current environment is moderate but not negligible. Caution is advised for environments where SMM is enabled and where untrusted code could be loaded into non-SMM memory.

Generated by OpenCVE AI on May 15, 2026 at 03:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest AMD firmware update that eliminates the unauthorized SMM callout
  • If the platform allows, disable System Management Mode to prevent code execution in that context
  • Enforce firmware integrity checks and restrict bootloader configuration to trusted sources

Advisories

No advisories yet.

History

Fri, 15 May 2026 04:15:00 +0000

Type | Values Removed | Values Added
Title | | SMM Callout Handler Enables Execution of Untrusted Code

Fri, 15 May 2026 02:00:00 +0000

Type | Values Removed | Values Added
Description | | A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially compromising the system’s confidentiality, integrity, and availability.
Weaknesses | | CWE-1072
References | |
Metrics | | cvssV4_0 {'score': 5.4, 'vector': 'CVSS:4.0/AV:P/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-15T13:29:51.481Z

Reserved: 2025-12-06T13:53:51.228Z

Link: CVE-2026-0438

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-15T02:16:23.637

Modified: 2026-05-15T14:10:17.083

Link: CVE-2026-0438

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T04:00:12Z

Weaknesses