CVE-2024-36354 | THREATINT

Description

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level.

PUBLISHED Reserved 2024-05-23 | Published 2025-09-06 | Updated 2025-09-23 | Assigner AMD

HIGH: 7.5CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-1231 - Improper Prevention of Lock Bit Modification

Product status

Default status

affected

CastlePeakPI-SP3r3 1.0.0.D

unaffected

Default status

affected

ChagallWSPI-sWRX8-1.0.0.A

unaffected

Default status

affected

CezannePI-FP6_1.0.1.1a

unaffected

Default status

affected

CastlePeakWSPI-sWRX8 1.0.0.F

unaffected

Default status

affected

ChagallWSPI-sWRX8-1.0.0.A

unaffected

Default status

affected

PicassoPI-FP5_1.0.1.2a

unaffected

Default status

affected

PhoenixPI-FP8-FP7_1.1.8.0

unaffected

Default status

affected

PicassoPI-FP5_1.0.1.2a

unaffected

Default status

affected

ComboAM5PI_1.2.0.2a

unaffected

Default status

affected

PhoenixPI-FP8-FP7_1.1.8.0

unaffected

Default status

affected

RenoirPI-FP6 1.0.0.Ea

unaffected

Default status

affected

RembrandtPI-FP7_1.0.0.Ba

unaffected

Default status

affected

DragonRangeFL1_1.0.0.3f

unaffected

Default status

affected

RembrandtPI-FP7_1.0.0.Ba

unaffected

Default status

affected

ComboAM5PI_1.2.0.2a

unaffected

Default status

affected

CezannePI-FP6_1.0.1.1a

unaffected

Default status

affected

ComboAM5PI_1.2.0.2a

unaffected

Default status

affected

ComboAM4PI_1.0.0.C

unaffected

ComboAM4v2PI_1.2.0.D

unaffected

Default status

affected

ComboAM4PI_1.0.0.C

unaffected

Default status

affected

ComboAM4v2PI_1.2.0.D

unaffected

Default status

affected

ComboAM4v2PI_1.2.0.D

unaffected

Default status

affected

ComboAM4v2PI_1.2.0.D

unaffected

Default status

affected

SnowyOwl PI 1.1.0.F

unaffected

Default status

affected

EmbRomePI-SP3_1.0.0.E

unaffected

Default status

affected

EmbMilanPI-SP3 1.0.0.A

unaffected

Default status

affected

EmbGenoaPI-SP5 1.0.0.8

unaffected

Default status

affected

EmbAM4PI 1.0.0.7

unaffected

Default status

affected

EmbeddedPI-FP6_1.0.0.B

unaffected

Default status

affected

Embedded-PI_FP7r2 100A

unaffected

Default status

affected

EmbGenoaPI-SP5 1.0.0.8

unaffected

Default status

affected

EmbeddedAM5PI 1.0.0.3

unaffected

Default status

affected

GenoaPI 1.0.0.D

unaffected

Default status

affected

MilanPI 1.0.0.D

unaffected

Default status

affected

Rome PI 1.0.0.M

unaffected

Default status

affected

Naples 1.0.0.Q

unaffected

Default status

affected

GenoaPI 1.0.0.D

unaffected

Default status

affected

ComboAM5PI_1.2.0.2a

unaffected

Default status

affected

GenoaPI 1.0.0.D

unaffected

References

www.amd.com/...es/product-security/bulletin/AMD-SB-4012.html

www.amd.com/...es/product-security/bulletin/AMD-SB-5007.html

www.amd.com/...es/product-security/bulletin/AMD-SB-3014.html

cve.org (CVE-2024-36354)

nvd.nist.gov (CVE-2024-36354)

Download JSON