Description
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.
Reserved 2024-05-23 | Published 2025-06-27 | Updated 2025-06-27 | Assigner
AMDMEDIUM: 6.4CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Problem types
CWE-347 Improper Verification of Cryptographic Signature
Product status
Default status
affected
NaplesPI 1.0.0.P
unaffected
Default status
affected
RomePI 1.0.0.L
unaffected
Default status
affected
MilanPI 1.0.0.F
unaffected
Default status
affected
Genoa 1.0.0.E
unaffected
Default status
affected
ComboAM5PI1.0.0.a
unaffected
ComboAM5PI1.1.0.3c
unaffected
ComboAM5PI1.2.0.3
unaffected
Default status
affected
TurinPI 1.0.0.4
unaffected
Default status
affected
MI300PI_SR5 1.0.0.8
unaffected
Default status
affected
ComboAM4v2PI 1.2.0.E
unaffected
Default status
affected
ComboAM4v2PI 1.2.0.E
unaffected
Default status
affected
ComboAM4PI 1.0.0.D
unaffected
ComboAM4v2PI 1.2.0.E
unaffected
Default status
affected
ComboAM4PI 1.0.0.D
unaffected
ComboAM4v2PI 1.2.0.E
unaffected
Default status
affected
ComboAM5PI 1.0.0.a
unaffected
ComboAM5PI 1.1.0.3c
unaffected
ComboAM5PI 1.2.0.3
unaffected
Default status
affected
ComboAM4v2PI 1.2.0.E
unaffected
Default status
affected
ComboAM5PI 1.1.0.3c
unaffected
ComboAM5PI 1.2.0.3
unaffected
Default status
affected
ComboAM5PI 1.2.0.3c
unaffected
Default status
affected
CastlePeakPI-SP3r3 1.0.0.E
unaffected
Default status
affected
StormPeakPI-SP6 1.0.0.1k
unaffected
StormPeakPI-SP6 1.1.0.0i
unaffected
Default status
affected
ChagallWSPI-sWRX8 1.0.0.B
unaffected
CastlePeakWSPI-sWRX8 1.0.0.g
unaffected
Default status
affected
ChagallWSPI-sWRX8 1.0.0.B
unaffected
Default status
affected
PicassoPI-FP5 1.0.1.2b
unaffected
Default status
affected
PicassoPI-FP5 1.0.1.2b
unaffected
Default status
affected
RenoirPI-FP6 1.0.0.Eb
unaffected
Default status
affected
CezannePI-FP6 1.0.1.1b
unaffected
Default status
affected
MendocinoPI-FT6 1.0.0.7b
unaffected
Default status
affected
RembrandtPI-FP7 1.0.0.Bb
unaffected
Default status
affected
RembrandtPI-FP7 1.0.0.Bb
unaffected
Default status
affected
CezannePI-FP6 1.0.1.1b
unaffected
Default status
affected
PhoenixPI-FP8-FP7 1.2.0.0
unaffected
Default status
affected
PhoenixPI-FP8-FP7 1.2.0.0
unaffected
Default status
affected
DragonRangeFL1 1.0.0.3g
unaffected
Default status
affected
StrixKrakenPI-FP8_1.1.0.0b
unaffected
Default status
affected
StrixHaloPI-FP11_1.0.0.1
unaffected
Default status
affected
FireRangeFL1PI 1.0.0.0a
unaffected
Default status
affected
SnowyOwl PI 1.1.0.E
unaffected
Default status
affected
EmbRomePI-SP3 1.0.0.D
unaffected
Default status
affected
EmbMilan PI-SP3 1.0.0.A
unaffected
Default status
affected
EmbGenoaPI-SP5 1.0.0.9
unaffected
Default status
affected
EmbGenoaPI-SP5 1.0.0.9
unaffected
Default status
affected
EmbGenoaPI-SP5 1.0.0.9
unaffected
Default status
affected
EmbeddedPI-FP5 1.2.0.F
unaffected
Default status
affected
EmbeddedR2KPI 1.0.0.5
unaffected
Default status
affected
EmbAM4PI 1.0.0.7
unaffected
Default status
affected
EmbeddedAM5PI 1.0.0.3
unaffected
Default status
affected
EmbeddedPI-FP5 1.2.0.F
unaffected
Default status
affected
EmbeddedPI-FP6 1.0.0.B
unaffected
Default status
affected
EmbeddedPI-FP7R2 1.0.0.C
unaffected
References
www.amd.com/...es/product-security/bulletin/amd-sb-7033.html
cve.org (CVE-2024-36347)
nvd.nist.gov (CVE-2024-36347)
Download JSON
