Krzysztof Okupski

**Name of the Vulnerable Software and Affected Versions** AMD EPYC Processors (affected versions not specified) AMD Ryzen Processors (affected versions not specified) AMD Threadripper Processors (affected versions not specified) **Description** The issue is related to improper validation in a model specific register (MSR) that could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. This could give an attacker unlimited access to system memory and control over the operating system. The vulnerability is being actively exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AMD Ryzen (affected versions not specified) **Description** The issue is related to insufficient input validation in the System Management Mode (SMM) Supervisor firmware of AMD Ryzen processors. This could allow a remote attacker to elevate privileges and impact the integrity, availability, and confidentiality of protected information. The vulnerability may enable an attacker with a compromised SMI handler to gain Ring0 access, potentially leading to arbitrary code execution. The issue is being actively exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.