Vulnerability Description
A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Z1 Entry Tower G5 Workstation Firmware | < 02.12.00 |
| Hp | Z1 Entry Tower G5 Workstation | - |
| Hp | Z1 Entry Tower G6 Workstation Firmware | < 02.10.00 |
| Hp | Z1 Entry Tower G6 Workstation | - |
| Hp | Z1 G8 Tower Desktop Pc Firmware | < 02.07.00 |
| Hp | Z1 G8 Tower Desktop Pc | - |
| Hp | Z4 G4 Workstation \(Core-X\) Firmware | < 02.75 |
| Hp | Z4 G4 Workstation \(Core-X\) | - |
| Hp | Z4 G4 Workstation \(Xeon W\) Firmware | < 02.75 |
| Hp | Z4 G4 Workstation \(Xeon W\) | - |
| Hp | Z6 G4 Workstation Firmware | < 02.75 |
| Hp | Z6 G4 Workstation | - |
| Hp | Z8 G4 Workstation Firmware | < 02.75 |
| Hp | Z8 G4 Workstation | - |
| Hp | Engage Flex Mini Retail System Firmware | < 02.10.00 |
| Hp | Engage Flex Mini Retail System | - |
| Hp | Mp9 G4 Retail System Firmware | < 02.18.00 |
| Hp | Mp9 G4 Retail System | - |
| Hp | Elite Dragonfly Firmware | < 01.12.00 |
| Hp | Elite Dragonfly | - |
References
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1027
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1027
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032
FAQ
What is CVE-2021-39298?
CVE-2021-39298 is a vulnerability with a CVSS score of 8.8 (HIGH). A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used b...
How severe is CVE-2021-39298?
CVE-2021-39298 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-39298?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Z1 Entry Tower G5 Workstation Firmware, Hp Z1 Entry Tower G5 Workstation, Hp Z1 Entry Tower G6 Workstation Firmware, Hp Z1 Entry Tower G6 Workstation, Hp Z1 G8 Tower Desktop Pc Firmware.