CVE-2024-36347

Published: Jun 27, 2025Modified: Jun 30, 2025

6.4

Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.5 / Impact: 5.9

Source: psirt@amd.com (Secondary)

Description

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.

Related CWEs

CWE-347

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (1)

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html

Source: psirt@amd.com

Timeline

No history available yet.