CVE-2024-36347

EPSS 0.01%
Published 27.06.2025 22:14:01
Last modified 30.06.2025 18:38:23
Source psirt@amd.com
Teams watchlist Login
Open Login

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorAMD

≫

Product AMD EPYC™ 7001 Series

Default Statusaffected

Version NaplesPI 1.0.0.P

Status unaffected

VendorAMD

≫

Product AMD EPYC™ 7002 Series

Default Statusaffected

Version RomePI 1.0.0.L

Status unaffected

VendorAMD

≫

Product AMD EPYC™ 7003 Series

Default Statusaffected

Version MilanPI 1.0.0.F

Status unaffected

VendorAMD

≫

Product AMD EPYC™ 9004 Series

Default Statusaffected

Version Genoa 1.0.0.E

Status unaffected

VendorAMD

≫

Product AMD EPYC™ 4004 Series

Default Statusaffected

Version ComboAM5PI1.0.0.a

Status unaffected

Version ComboAM5PI1.1.0.3c

Status unaffected

Version ComboAM5PI1.2.0.3

Status unaffected

VendorAMD

≫

Product AMD EPYC™ 9005 Series

Default Statusaffected

Version TurinPI 1.0.0.4

Status unaffected

VendorAMD

≫

Product AMD Instinct™ MI300A

Default Statusaffected

Version MI300PI_SR5 1.0.0.8

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 5000 Series Desktop Processors

Default Statusaffected

Version ComboAM4v2PI 1.2.0.E

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics

Default Statusaffected

Version ComboAM4v2PI 1.2.0.E

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 3000 Series Desktop Processors

Default Statusaffected

Version ComboAM4PI 1.0.0.D

Status unaffected

Version ComboAM4v2PI 1.2.0.E

Status unaffected

VendorAMD

≫

Product AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics

Default Statusaffected

Version ComboAM4PI 1.0.0.D

Status unaffected

Version ComboAM4v2PI 1.2.0.E

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7000 Series Desktop Processors

Default Statusaffected

Version ComboAM5PI 1.0.0.a

Status unaffected

Version ComboAM5PI 1.1.0.3c

Status unaffected

Version ComboAM5PI 1.2.0.3

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics

Default Statusaffected

Version ComboAM4v2PI 1.2.0.E

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics

Default Statusaffected

Version ComboAM5PI 1.1.0.3c

Status unaffected

Version ComboAM5PI 1.2.0.3

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 9000 Series Desktop Processors

Default Statusaffected

Version ComboAM5PI 1.2.0.3c

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Threadripper™ 3000 Series Processors

Default Statusaffected

Version CastlePeakPI-SP3r3 1.0.0.E

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors

Default Statusaffected

Version StormPeakPI-SP6 1.0.0.1k

Status unaffected

Version StormPeakPI-SP6 1.1.0.0i

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors

Default Statusaffected

Version ChagallWSPI-sWRX8 1.0.0.B

Status unaffected

Version CastlePeakWSPI-sWRX8 1.0.0.g

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors

Default Statusaffected

Version ChagallWSPI-sWRX8 1.0.0.B

Status unaffected

VendorAMD

≫

Product AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics

Default Statusaffected

Version PicassoPI-FP5 1.0.1.2b

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics

Default Statusaffected

Version PicassoPI-FP5 1.0.1.2b

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics

Default Statusaffected

Version RenoirPI-FP6 1.0.0.Eb

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics

Default Statusaffected

Version CezannePI-FP6 1.0.1.1b

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics

Default Statusaffected

Version MendocinoPI-FT6 1.0.0.7b

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics

Default Statusaffected

Version RembrandtPI-FP7 1.0.0.Bb

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics

Default Statusaffected

Version RembrandtPI-FP7 1.0.0.Bb

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7000 Series Processors with Radeon™ Graphics

Default Statusaffected

Version CezannePI-FP6 1.0.1.1b

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics

Default Statusaffected

Version PhoenixPI-FP8-FP7 1.2.0.0

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics

Default Statusaffected

Version PhoenixPI-FP8-FP7 1.2.0.0

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7045 Series Mobile Processors

Default Statusaffected

Version DragonRangeFL1 1.0.0.3g

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ AI 300 Series

Default Statusaffected

Version StrixKrakenPI-FP8_1.1.0.0b

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ AI Max +

Default Statusaffected

Version StrixHaloPI-FP11_1.0.0.1

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 9000HX Series Mobile Processors

Default Statusaffected

Version FireRangeFL1PI 1.0.0.0a

Status unaffected

VendorAMD

≫

Product AMD EPYC™ Embedded 3000

Default Statusaffected

Version SnowyOwl PI 1.1.0.E

Status unaffected

VendorAMD

≫

Product AMD EPYC™ Embedded 7002

Default Statusaffected

Version EmbRomePI-SP3 1.0.0.D

Status unaffected

VendorAMD

≫

Product AMD EPYC™ Embedded 7003

Default Statusaffected

Version EmbMilan PI-SP3 1.0.0.A

Status unaffected

VendorAMD

≫

Product AMD EPYC™ Embedded 8004

Default Statusaffected

Version EmbGenoaPI-SP5 1.0.0.9

Status unaffected

VendorAMD

≫

Product AMD EPYC™ Embedded 9004

Default Statusaffected

Version EmbGenoaPI-SP5 1.0.0.9

Status unaffected

VendorAMD

≫

Product AMD EPYC™ Embedded 97X4

Default Statusaffected

Version EmbGenoaPI-SP5 1.0.0.9

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded R1000

Default Statusaffected

Version EmbeddedPI-FP5 1.2.0.F

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded R2000

Default Statusaffected

Version EmbeddedR2KPI 1.0.0.5

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded 5000

Default Statusaffected

Version EmbAM4PI 1.0.0.7

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded 7000

Default Statusaffected

Version EmbeddedAM5PI 1.0.0.3

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded V1000

Default Statusaffected

Version EmbeddedPI-FP5 1.2.0.F

Status unaffected

VendorAMD

≫

Product AMD Ryzen™Embedded V2000

Default Statusaffected

Version EmbeddedPI-FP6 1.0.0.B

Status unaffected

VendorAMD

≫

Product AMD Ryzen™Embedded V3000

Default Statusaffected

Version EmbeddedPI-FP7R2 1.0.0.C

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.003

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
psirt@amd.com	6.4	0.5	5.9	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html

https://nvd.nist.gov/vuln/detail/CVE-2024-36347

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-36347

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-36347

EUVD