Medium severityNVD Advisory· Published May 15, 2026· Updated May 15, 2026
CVE-2026-0438
CVE-2026-0438
Description
A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially compromising the system’s confidentiality, integrity, and availability.
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.