CVE-2026-0438

Summary

A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially compromising the system’s confidentiality, integrity, and availability.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Ryzen™ 7040 Series Mobile Processors with Radeon™ GraphicsPhoenixPI-FP8-FP7_1.2.0.0funaffected
AMDAMD Ryzen™ 7045 Series Mobile Processors with Radeon™ GraphicsDragonRangeFL1PI 1.0.0.3kunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.0.0.dunaffected
AMDAMD Ryzen™ 9000HX Series ProcessorsFireRangeFL1PI 1.0.0.0dunaffected
AMDAMD Ryzen™ AI 300 Series ProcessorsStrixKrackanPI-FP8_1.1.0.0eunaffected
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsStormPeakPI-SP6 1.0.0.1munaffected
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsStormPeakPI-SP6_1.1.0.0kunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.1.0.3funaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI_1.2.0.3iunaffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsComboAM5PI 1.1.0.3funaffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsComboAM5PI_1.2.0.3iunaffected
AMDAMD Ryzen™ 9000 Series Desktop ProcessorsComboAM5PI_1.2.0.3iunaffected
AMDAMD Ryzen™ 8040 Series Mobile Processors with Radeon™ GraphicsPhoenixPI-FP8-FP7_1.2.0.0funaffected
AMDAMD Ryzen™ AI Max 300 Series ProcessorsStrixHaloPI-FP11_1.0.0.2aunaffected
AMDAMD Ryzen™ Z1 Series ProcessorsPhoenixPI-FP8-FP7_1.2.0.0funaffected
AMDAMD Ryzen™ Z1 Series ProcessorsPhoenixPI-FP8-FP7_1.2.0.0funaffected
AMDAMD Ryzen™ Z2 Series Processors ExtremeStrixKrackanPI-FP8_1.1.0.2dunaffected
AMDAMD Ryzen™ Z2 Series ProcessorsPhoenixPI-FP8-FP7_1.2.0.0funaffected
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsShimadaPeakPI-SP6 1.0.0.1cunaffected
AMDAMD Ryzen™ Threadripper™ 7000 ProcessorsShimadaPeakPI-SP6 1.0.0.1cunaffected
AMDAMD Ryzen™ Threadripper™ 9000 ProcessorsShimadaPeakPI-SP6 1.0.0.1cunaffected
AMDAMD Ryzen™ Threadripper™ PRO 9000 WX-Series ProcessorsShimadaPeakPI-SP6 1.0.0.1cunaffected
AMDAMD Ryzen™ 7000 Series Desktop Processors (formerly codenamed “Raphael”)ComboAM5PI_1.3.0.0unaffected
AMDAMD Ryzen™ 8000 Series Desktop Processors (formerly codenamed “Phoenix”)ComboAM5PI_1.3.0.0unaffected
AMDAMD Ryzen™ 9000 Series Desktop Processors (formerly codenamed “Granite Ridge”)ComboAM5PI_1.3.0.0unaffected
AMDAMD Ryzen™ Embedded 9000 Series ProcessorsEmbeddedAM5PI 1.0.0.5unaffected
AMDAMD Ryzen™ Embedded 8000 Series ProcessorsEmbeddedPhoenixPI-FP7r2_1.0.0.4unaffected
AMDAMD Ryzen™ Embedded 7000 Series ProcessorsEmbeddedAM5PI 1.0.0.5unaffected
AMDAMD EPYC™ 4004 Series ProcessorsComboAM5PI 1.0.0.d / ComboAM5PI 1.1.0.3f / ComboAM5PI_1.2.0.3iunaffected
AMDAMD EPYC™ 4005 Series ProcessorsComboAM5PI_1.2.0.3iunaffected

Weaknesses

  • CWE-1072: CWE-1072 Call to Function Pointer from Untrusted Control Sphere in SMM

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References