AMD SMM Handler Code Injection Vulnerability
CVE-2026-0438 Published on May 15, 2026

A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially compromising the systems confidentiality, integrity, and availability.

NVD

Weakness Type

Data Resource Access without Use of Connection Pooling

The software accesses a data resource through a database without using a connection pooling capability.

Affected Versions

AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics:

Version PhoenixPI-FP8-FP7_1.2.0.0f is unaffected.

AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics:

Version DragonRangeFL1PI 1.0.0.3k is unaffected.

AMD Ryzen™ 7000 Series Desktop Processors:

Version ComboAM5PI 1.0.0.d is unaffected.

AMD Ryzen™ 9000HX Series Processors:

Version FireRangeFL1PI 1.0.0.0d is unaffected.

AMD Ryzen™ AI 300 Series Processors:

Version StrixKrackanPI-FP8_1.1.0.0e is unaffected.

AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors:

Version StormPeakPI-SP6 1.0.0.1m is unaffected.
Version StormPeakPI-SP6_1.1.0.0k is unaffected.

AMD Ryzen™ 7000 Series Desktop Processors:

Version ComboAM5PI 1.1.0.3f is unaffected.

AMD Ryzen™ 7000 Series Desktop Processors:

Version ComboAM5PI_1.2.0.3i is unaffected.

AMD Ryzen™ 8000 Series Desktop Processors:

Version ComboAM5PI 1.1.0.3f is unaffected.

AMD Ryzen™ 8000 Series Desktop Processors:

Version ComboAM5PI_1.2.0.3i is unaffected.

AMD Ryzen™ 9000 Series Desktop Processors:

Version ComboAM5PI_1.2.0.3i is unaffected.

AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics:

Version PhoenixPI-FP8-FP7_1.2.0.0f is unaffected.

AMD Ryzen™ AI Max 300 Series Processors:

Version StrixHaloPI-FP11_1.0.0.2a is unaffected.

AMD Ryzen™ Z1 Series Processors:

Version PhoenixPI-FP8-FP7_1.2.0.0f is unaffected.

AMD Ryzen™ Z1 Series Processors:

Version PhoenixPI-FP8-FP7_1.2.0.0f is unaffected.

AMD Ryzen™ Z2 Series Processors Extreme:

Version StrixKrackanPI-FP8_1.1.0.2d is unaffected.

AMD Ryzen™ Z2 Series Processors:

Version PhoenixPI-FP8-FP7_1.2.0.0f is unaffected.

AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors:

Version ShimadaPeakPI-SP6 1.0.0.1c is unaffected.

AMD Ryzen™ Threadripper™ 7000 Processors:

Version ShimadaPeakPI-SP6 1.0.0.1c is unaffected.

AMD Not public:

Version StrixKrackanPI-FP8_1.1.0.2d is unaffected.

AMD Ryzen™ Threadripper™ 9000 Processors:

Version ShimadaPeakPI-SP6 1.0.0.1c is unaffected.

AMD Ryzen™ Threadripper™ PRO 9000 WX-Series Processors:

Version ShimadaPeakPI-SP6 1.0.0.1c is unaffected.

AMD Ryzen™ 7000 Series Desktop Processors (formerly codenamed "Raphael"):

Version ComboAM5PI_1.3.0.0 is unaffected.

AMD Ryzen™ 8000 Series Desktop Processors (formerly codenamed "Phoenix"):

Version ComboAM5PI_1.3.0.0 is unaffected.

AMD Ryzen™ 9000 Series Desktop Processors (formerly codenamed "Granite Ridge"):

Version ComboAM5PI_1.3.0.0 is unaffected.

AMD Ryzen™ Embedded 9000 Series Processors:

Version EmbeddedAM5PI 1.0.0.5 is unaffected.

AMD Ryzen™ Embedded 8000 Series Processors:

Version EmbeddedPhoenixPI-FP7r2_1.0.0.4 is unaffected.

AMD Ryzen™ Embedded 7000 Series Processors:

Version EmbeddedAM5PI 1.0.0.5 is unaffected.

AMD EPYC™ 4004 Series Processors:

Version ComboAM5PI 1.0.0.d / ComboAM5PI 1.1.0.3f / ComboAM5PI_1.2.0.3i is unaffected.

AMD EPYC™ 4005 Series Processors:

Version ComboAM5PI_1.2.0.3i is unaffected.

AMD SMM Handler Code Injection VulnerabilityCVE-2026-0438 Published on May 15, 2026

Weakness Type

Data Resource Access without Use of Connection Pooling

Affected Versions

AMD SMM Handler Code Injection Vulnerability
CVE-2026-0438 Published on May 15, 2026