CVE-2024-36355

Published: Feb 10, 2026Modified: Feb 12, 2026

7.0

Vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: psirt@amd.com (Secondary)

Description

Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 (sleep) wake up, potentially resulting in arbitrary code execution.

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html

Source: psirt@amd.com

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4013.html

Source: psirt@amd.com

Timeline

No history available yet.