CVE-2021-39298

Name of the Vulnerable Software and Affected Versions AMD System Management Mode (SMM) (affected versions not specified) UEFI firmware (BIOS) for some PC products (affected versions not specified)

Description A potential issue in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM, resulting in arbitrary code execution. This could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware. The issue may allow escalation of privilege and arbitrary code execution in UEFI firmware (BIOS) for some PC products.

Recommendations For AMD System Management Mode (SMM), at the moment, there is no information about a newer version that contains a fix for this vulnerability. For UEFI firmware (BIOS) for some PC products, at the moment, there is no information about a newer version that contains a fix for this vulnerability.