Home

Description

Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality.

PUBLISHED Reserved 2024-05-23 | Published 2026-05-15 | Updated 2026-05-19 | Assigner AMD




MEDIUM: 4.6CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code

Product status

Default status
affected

ComboAM5PI 1.1.0.3d
unaffected

Default status
affected

ComboAM5 1.2.0.3j
unaffected

Default status
affected

RembrandtPI-FP7_1.0.0.Bg
unaffected

Default status
affected

PhoenixPI-FP8-FP7_1.2.0.0f
unaffected

Default status
affected

DragonRangeFL1_1.0.0.3l
unaffected

Default status
affected

ComboAM5PI 1.0.0.e
unaffected

ComboAM5PI 1.1.0.3g
unaffected

ComboAM5PI 1.2.0.3j
unaffected

Default status
affected

FireRangeFL1PI 1.0.0.0f
unaffected

Default status
affected

StrixHaloPI-FP11_1.0.0.2b
unaffected

Default status
affected

StrixKrackanPI-FP8_1.1.0.0f
unaffected

StrixKrackanPI-FP8_1.1.0.2e
unaffected

Default status
affected

StormPeakPI-SP6 1.1.0.0k
unaffected

Default status
affected

StormPeakPI-SP6 1.0.0.1m
unaffected

StormPeakPI-SP6 1.1.0.0k
unaffected

Default status
affected

ComboAM5PI 1.1.0.3g
unaffected

ComboAM5PI 1.2.0.3j
unaffected

Default status
affected

ComboAM5PI 1.2.0.3j
unaffected

Default status
affected

ComboAM5PI 1.2.0.3j
unaffected

Default status
affected

PhoenixPI-FP8-FP7_1.2.0.0f
unaffected

Default status
affected

EmbeddedPhoenixPI-FP7r2_1.0.0.4
unaffected

Default status
affected

Embedded-PI_FP7r2 1012
unaffected

Default status
affected

EmbeddedAM5PI 1.0.0.7
unaffected

Default status
affected

EmbeddedAM5PI 1.0.0.7
unaffected

References

www.amd.com/...es/product-security/bulletin/AMD-SB-3030.html

www.amd.com/...es/product-security/bulletin/AMD-SB-4017.html

cve.org (CVE-2024-36345)

nvd.nist.gov (CVE-2024-36345)

Download JSON