CVE-2021-39298

Name: CVE-2021-39298
Creator: NVD / NIST
Published: 2022-02-16T17:15:10.86+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 0.43%

Last modified Jun 17, 2026

CVE-2021-39298 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.. EPSS estimates a 0.43% chance of exploitation in the next 30 days.

Description

A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Probability

0.43%

34.2th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Hp	Z1 Entry Tower G5 Workstation Firmware	< 02.12.00
Hp	Z1 Entry Tower G6 Workstation Firmware	< 02.10.00
Hp	Z1 G8 Tower Desktop Pc Firmware	< 02.07.00
Hp	Z4 G4 Workstation \(Core-X\) Firmware	< 02.75
Hp	Z4 G4 Workstation \(Xeon W\) Firmware	< 02.75
Hp	Z6 G4 Workstation Firmware	< 02.75
Hp	Z8 G4 Workstation Firmware	< 02.75
Hp	Engage Flex Mini Retail System Firmware	< 02.10.00
Hp	Mp9 G4 Retail System Firmware	< 02.18.00
Hp	Elite Dragonfly Firmware	< 01.12.00
Hp	Elite Dragonfly G2 Firmware	< 01.08.00
Hp	Elite Dragonfly Max Firmware	< 01.08.00
Hp	Elite X2 1013 G3 Firmware	< 01.19.00
Hp	Elite X2 G4 Firmware	< 01.12.00
Hp	Elite X2 G8 Tablet Firmware	< 01.08.00
Hp	Elitebook 1050 G1 Firmware	< 01.19.00
Hp	Elitebook 830 G5 Firmware	< 01.19.00
Hp	Elitebook 830 G6 Firmware	< 01.12.00
Hp	Elitebook 830 G7 Firmware	< 01.08.00
Hp	Elitebook 830 G8 Firmware	< 01.08.00
Hp	Elitebook 836 G5 Firmware	< 01.19.00
Hp	Elitebook 836 G6 Firmware	< 01.12.00
Hp	Elitebook 840 Aero G8 Firmware	< 01.08.00
Hp	Elitebook 840 G5 Firmware	< 01.19.00
Hp	Elitebook 840 G5 Healthcare Edition Firmware	< 01.19.00
Hp	Elitebook 840 G6 Firmware	< 01.12.00
Hp	Elitebook 840 G6 Healthcare Edition Firmware	< 01.12.00
Hp	Elitebook 840 G7 Firmware	< 01.08.00
Hp	Elitebook 840 G8 Firmware	< 01.08.00
Hp	Elitebook 840r G4 Firmware	< 01.19.00
Hp	Elitebook 846 G5 Firmware	< 01.19.00
Hp	Elitebook 850 G5 Firmware	< 01.19.00
Hp	Elitebook 850 G6 Firmware	< 01.12.00
Hp	Elitebook 850 G7 Firmware	< 01.08.00
Hp	Elitebook 850 G8 Firmware	< 01.08.00
Hp	Elitebook X360 1030 G3 Firmware	< 01.19.00
Hp	Elitebook X360 1030 G4 Firmware	< 01.12.00
Hp	Elitebook X360 1030 G7 Firmware	< 01.08.00
Hp	Elitebook X360 1030 G8 Firmware	< 01.08.00
Hp	Elitebook X360 1040 G5 Firmware	< 01.19.00
Hp	Elitebook X360 1040 G6 Firmware	< 01.12.00
Hp	Elitebook X360 1040 G7 Firmware	< 01.08.00
Hp	Elitebook X360 1040 G8 Firmware	< 01.08.00
Hp	Elitebook X360 830 G5 Firmware	< 01.19.00
Hp	Elitebook X360 830 G6 Firmware	< 01.12.00
Hp	Elitebook X360 830 G7 Firmware	< 01.08.00
Hp	Elitebook X360 830 G8 Firmware	< 01.08.00
Hp	Probook 430 G5 Firmware	< 01.19.00
Hp	Probook 430 G6 Firmware	< 01.19.00
Hp	Probook 430 G7 Firmware	< 01.12.00

Showing 50 of 187 affected configurations. See NVD for the full list.

References

Timeline

Published: Feb 16, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-39298?

How severe is CVE-2021-39298?

CVE-2021-39298 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.43% probability of exploitation in the next 30 days.

How do I fix CVE-2021-39298?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-39298?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST