What is CVE-2021-39298?

CVE-2021-39298 is a high-severity vulnerability in Amd 2nd Gen Epyc. CVSS score: 8.8/10. Published 2022-02-16.

How severe is CVE-2021-39298?

High severity. CVSS v3 base score is 8.8 out of 10.

Vulnerability in Amd 2nd Gen Epyc

CVE-2021-39298

A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security m…

EPSS: 0.004 (34.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Amd 2nd Gen Epyc — versions Various
Amd 3rd Gen Epyc — versions various
Amd Ryzen 2000 Series — versions various
Amd Ryzen 3000 Series — versions Various
Amd Ryzen 5000 Series — versions various
Hp 260_g3_desktop_mini_pc
Hp 260_g3_desktop_mini_pc_firmware
Hp Elitebook_1050_g1
Hp Elitebook_1050_g1_firmware
Hp Elitebook_830_g5

References

psirt@amd.com (vendor-advisory)
psirt@amd.com

Frequently asked questions

What is CVE-2021-39298?: CVE-2021-39298 is a high-severity vulnerability in Amd 2nd Gen Epyc. CVSS score: 8.8/10. Published 2022-02-16.
How severe is CVE-2021-39298?: High severity. CVSS v3 base score is 8.8 out of 10.