cvelistv5 - cve-2024-36347

CVE-2024-36347 (GCVE-0-2024-36347)

Vulnerability from cvelistv5 – Published: 2025-06-27 22:14 – Updated: 2025-07-01 03:55

Summary

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.

Severity ?

6.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-347 - Improper Verification of Cryptographic Signature

Assigner

AMD

References

URL

Tags

https://www.amd.com/en/resources/product-security…

Impacted products

Vendor

Product

Version

AMD

AMD EPYC™ 7001 Series

Unaffected: NaplesPI 1.0.0.P

AMD	AMD EPYC™ 7002 Series	Unaffected: RomePI 1.0.0.L
AMD	AMD EPYC™ 7003 Series	Unaffected: MilanPI 1.0.0.F
AMD	AMD EPYC™ 9004 Series	Unaffected: Genoa 1.0.0.E
AMD	AMD EPYC™ 4004 Series	Unaffected: ComboAM5PI1.0.0.a Unaffected: ComboAM5PI1.1.0.3c Unaffected: ComboAM5PI1.2.0.3
AMD	AMD EPYC™ 9005 Series	Unaffected: TurinPI 1.0.0.4
AMD	AMD Instinct™ MI300A	Unaffected: MI300PI_SR5 1.0.0.8
AMD	AMD Ryzen™ 5000 Series Desktop Processors	Unaffected: ComboAM4v2PI 1.2.0.E
AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics	Unaffected: ComboAM4v2PI 1.2.0.E
AMD	AMD Ryzen™ 3000 Series Desktop Processors	Unaffected: ComboAM4PI 1.0.0.D Unaffected: ComboAM4v2PI 1.2.0.E
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics	Unaffected: ComboAM4PI 1.0.0.D Unaffected: ComboAM4v2PI 1.2.0.E
AMD	AMD Ryzen™ 7000 Series Desktop Processors	Unaffected: ComboAM5PI 1.0.0.a Unaffected: ComboAM5PI 1.1.0.3c Unaffected: ComboAM5PI 1.2.0.3
AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics	Unaffected: ComboAM4v2PI 1.2.0.E
AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics	Unaffected: ComboAM5PI 1.1.0.3c Unaffected: ComboAM5PI 1.2.0.3
AMD	AMD Ryzen™ 9000 Series Desktop Processors	Unaffected: ComboAM5PI 1.2.0.3c
AMD	AMD Ryzen™ Threadripper™ 3000 Series Processors	Unaffected: CastlePeakPI-SP3r3 1.0.0.E
AMD	AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors	Unaffected: StormPeakPI-SP6 1.0.0.1k Unaffected: StormPeakPI-SP6 1.1.0.0i
AMD	AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors	Unaffected: ChagallWSPI-sWRX8 1.0.0.B Unaffected: CastlePeakWSPI-sWRX8 1.0.0.g
AMD	AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors	Unaffected: ChagallWSPI-sWRX8 1.0.0.B
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Unaffected: PicassoPI-FP5 1.0.1.2b
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics	Unaffected: PicassoPI-FP5 1.0.1.2b
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics	Unaffected: RenoirPI-FP6 1.0.0.Eb
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics	Unaffected: CezannePI-FP6 1.0.1.1b
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics	Unaffected: MendocinoPI-FT6 1.0.0.7b
AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics	Unaffected: RembrandtPI-FP7 1.0.0.Bb
AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics	Unaffected: RembrandtPI-FP7 1.0.0.Bb
AMD	AMD Ryzen™ 7000 Series Processors with Radeon™ Graphics	Unaffected: CezannePI-FP6 1.0.1.1b
AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics	Unaffected: PhoenixPI-FP8-FP7 1.2.0.0
AMD	AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics	Unaffected: PhoenixPI-FP8-FP7 1.2.0.0
AMD	AMD Ryzen™ 7045 Series Mobile Processors	Unaffected: DragonRangeFL1 1.0.0.3g
AMD	AMD Ryzen™ AI 300 Series	Unaffected: StrixKrakenPI-FP8_1.1.0.0b
AMD	AMD Ryzen™ AI Max +	Unaffected: StrixHaloPI-FP11_1.0.0.1
AMD	AMD Ryzen™ 9000HX Series Mobile Processors	Unaffected: FireRangeFL1PI 1.0.0.0a
AMD	AMD EPYC™ Embedded 3000	Unaffected: SnowyOwl PI 1.1.0.E
AMD	AMD EPYC™ Embedded 7002	Unaffected: EmbRomePI-SP3 1.0.0.D
AMD	AMD EPYC™ Embedded 7003	Unaffected: EmbMilan PI-SP3 1.0.0.A
AMD	AMD EPYC™ Embedded 8004	Unaffected: EmbGenoaPI-SP5 1.0.0.9
AMD	AMD EPYC™ Embedded 9004	Unaffected: EmbGenoaPI-SP5 1.0.0.9
AMD	AMD EPYC™ Embedded 97X4	Unaffected: EmbGenoaPI-SP5 1.0.0.9
AMD	AMD Ryzen™ Embedded R1000	Unaffected: EmbeddedPI-FP5 1.2.0.F
AMD	AMD Ryzen™ Embedded R2000	Unaffected: EmbeddedR2KPI 1.0.0.5
AMD	AMD Ryzen™ Embedded 5000	Unaffected: EmbAM4PI 1.0.0.7
AMD	AMD Ryzen™ Embedded 7000	Unaffected: EmbeddedAM5PI 1.0.0.3
AMD	AMD Ryzen™ Embedded V1000	Unaffected: EmbeddedPI-FP5 1.2.0.F
AMD	AMD Ryzen™Embedded V2000	Unaffected: EmbeddedPI-FP6 1.0.0.B
AMD	AMD Ryzen™Embedded V3000	Unaffected: EmbeddedPI-FP7R2 1.0.0.C

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36347",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-30T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-01T03:55:54.843Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7001 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "NaplesPI 1.0.0.P"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7002 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RomePI 1.0.0.L"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MilanPI 1.0.0.F"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Genoa 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 4004 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5PI1.0.0.a"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI1.1.0.3c"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI1.2.0.3"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9005 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "TurinPI 1.0.0.4"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Instinct\u2122 MI300A",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MI300PI_SR5 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI 1.0.0.D"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI 1.0.0.D"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.0.0.a"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.1.0.3c"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.2.0.3"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.1.0.3c"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.2.0.3"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 9000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.2.0.3c"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CastlePeakPI-SP3r3 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "StormPeakPI-SP6 1.0.0.1k"
            },
            {
              "status": "unaffected",
              "version": "StormPeakPI-SP6 1.1.0.0i"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.B"
            },
            {
              "status": "unaffected",
              "version": "CastlePeakWSPI-sWRX8 1.0.0.g"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.B"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5 1.0.1.2b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5 1.0.1.2b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RenoirPI-FP6 1.0.0.Eb"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.1.1b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MendocinoPI-FT6 1.0.0.7b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.Bb"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.Bb"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.1.1b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PhoenixPI-FP8-FP7 1.2.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PhoenixPI-FP8-FP7 1.2.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "DragonRangeFL1 1.0.0.3g"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 AI 300 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "StrixKrakenPI-FP8_1.1.0.0b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 AI Max +",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "StrixHaloPI-FP11_1.0.0.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 9000HX Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "FireRangeFL1PI 1.0.0.0a"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "SnowyOwl PI 1.1.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7002",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbRomePI-SP3 1.0.0.D"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbMilan PI-SP3 1.0.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 8004",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5  1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9004",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 97X4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5  1.2.0.F"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedR2KPI  1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbAM4PI  1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI  1.0.0.3"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5 1.2.0.F"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6 1.0.0.B"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP7R2 1.0.0.C"
            }
          ]
        }
      ],
      "datePublic": "2025-06-27T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.\u003cbr\u003e"
            }
          ],
          "value": "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347 Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-27T22:14:01.944Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2024-36347",
    "datePublished": "2025-06-27T22:14:01.944Z",
    "dateReserved": "2024-05-23T19:44:47.201Z",
    "dateUpdated": "2025-07-01T03:55:54.843Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-36347\",\"sourceIdentifier\":\"psirt@amd.com\",\"published\":\"2025-06-27T23:15:26.037\",\"lastModified\":\"2025-06-30T18:38:23.493\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.\"},{\"lang\":\"es\",\"value\":\"La verificaci\u00f3n de firma incorrecta en AMD CPU ROM microcode patch loader puede permitir que un atacante con privilegios de administrador local cargue microc\u00f3digo malicioso, lo que podr\u00eda resultar en la p\u00e9rdida de integridad de la ejecuci\u00f3n de instrucciones x86, p\u00e9rdida de confidencialidad e integridad de los datos en el contexto privilegiado de la CPU x86 y compromiso del entorno de ejecuci\u00f3n de SMM.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@amd.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.5,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@amd.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-347\"}]}],\"references\":[{\"url\":\"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html\",\"source\":\"psirt@amd.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-36347\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-30T16:20:27.062195Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-30T16:20:30.435Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 7001 Series\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"NaplesPI 1.0.0.P\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 7002 Series\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"RomePI 1.0.0.L\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 7003 Series\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"MilanPI 1.0.0.F\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 9004 Series\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Genoa 1.0.0.E\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 4004 Series\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"ComboAM5PI1.0.0.a\"}, {\"status\": \"unaffected\", \"version\": \"ComboAM5PI1.1.0.3c\"}, {\"status\": \"unaffected\", \"version\": \"ComboAM5PI1.2.0.3\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 9005 Series\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"TurinPI 1.0.0.4\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Instinct\\u2122 MI300A\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"MI300PI_SR5 1.0.0.8\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 5000 Series Desktop Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"ComboAM4v2PI 1.2.0.E\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 5000 Series Desktop Processor with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"ComboAM4v2PI 1.2.0.E\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 3000 Series Desktop Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"ComboAM4PI 1.0.0.D\"}, {\"status\": \"unaffected\", \"version\": \"ComboAM4v2PI 1.2.0.E\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Athlon\\u2122 3000 Series Desktop Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"ComboAM4PI 1.0.0.D\"}, {\"status\": \"unaffected\", \"version\": \"ComboAM4v2PI 1.2.0.E\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7000 Series Desktop Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"ComboAM5PI 1.0.0.a\"}, {\"status\": \"unaffected\", \"version\": \"ComboAM5PI 1.1.0.3c\"}, {\"status\": \"unaffected\", \"version\": \"ComboAM5PI 1.2.0.3\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 4000 Series Desktop Processor with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"ComboAM4v2PI 1.2.0.E\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 8000 Series Processor with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"ComboAM5PI 1.1.0.3c\"}, {\"status\": \"unaffected\", \"version\": \"ComboAM5PI 1.2.0.3\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 9000 Series Desktop Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"ComboAM5PI 1.2.0.3c\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Threadripper\\u2122 3000 Series Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"CastlePeakPI-SP3r3 1.0.0.E\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Threadripper\\u2122 PRO 7000 WX-Series Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"StormPeakPI-SP6 1.0.0.1k\"}, {\"status\": \"unaffected\", \"version\": \"StormPeakPI-SP6 1.1.0.0i\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Threadripper\\u2122 PRO 3000WX Series Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"ChagallWSPI-sWRX8 1.0.0.B\"}, {\"status\": \"unaffected\", \"version\": \"CastlePeakWSPI-sWRX8 1.0.0.g\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Threadripper\\u2122 PRO 5000WX- Series Desktop Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"ChagallWSPI-sWRX8 1.0.0.B\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Athlon\\u2122 3000 Series Mobile  Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"PicassoPI-FP5 1.0.1.2b\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 3000 Series Mobile Processor with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"PicassoPI-FP5 1.0.1.2b\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 4000 Series Mobile Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"RenoirPI-FP6 1.0.0.Eb\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 5000 Series Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"CezannePI-FP6 1.0.1.1b\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7020 Series Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"MendocinoPI-FT6 1.0.0.7b\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 6000 Series Processor with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"RembrandtPI-FP7 1.0.0.Bb\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7035 Series Processor with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"RembrandtPI-FP7 1.0.0.Bb\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7000 Series Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"CezannePI-FP6 1.0.1.1b\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7040 Series Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"PhoenixPI-FP8-FP7 1.2.0.0\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 8040 Series Mobile Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"PhoenixPI-FP8-FP7 1.2.0.0\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7045 Series Mobile Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"DragonRangeFL1 1.0.0.3g\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 AI 300 Series\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"StrixKrakenPI-FP8_1.1.0.0b\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 AI Max +\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"StrixHaloPI-FP11_1.0.0.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 9000HX Series Mobile Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"FireRangeFL1PI 1.0.0.0a\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 Embedded 3000\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"SnowyOwl PI 1.1.0.E\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 Embedded 7002\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"EmbRomePI-SP3 1.0.0.D\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 Embedded 7003\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"EmbMilan PI-SP3 1.0.0.A\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 Embedded 8004\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"EmbGenoaPI-SP5  1.0.0.9\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 Embedded 9004\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"EmbGenoaPI-SP5 1.0.0.9\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 Embedded 97X4\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"EmbGenoaPI-SP5 1.0.0.9\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Embedded R1000\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"EmbeddedPI-FP5  1.2.0.F\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Embedded R2000\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"EmbeddedR2KPI  1.0.0.5\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Embedded 5000\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"EmbAM4PI  1.0.0.7\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Embedded 7000\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"EmbeddedAM5PI  1.0.0.3\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Embedded V1000\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"EmbeddedPI-FP5 1.2.0.F\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122Embedded V2000\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"EmbeddedPI-FP6 1.0.0.B\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122Embedded V3000\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"EmbeddedPI-FP7R2 1.0.0.C\"}], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2025-06-27T16:00:00.000Z\", \"references\": [{\"url\": \"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-347\", \"description\": \"CWE-347 Improper Verification of Cryptographic Signature\"}]}], \"providerMetadata\": {\"orgId\": \"b58fc414-a1e4-4f92-9d70-1add41838648\", \"shortName\": \"AMD\", \"dateUpdated\": \"2025-06-27T22:14:01.944Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-36347\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-01T03:55:54.843Z\", \"dateReserved\": \"2024-05-23T19:44:47.201Z\", \"assignerOrgId\": \"b58fc414-a1e4-4f92-9d70-1add41838648\", \"datePublished\": \"2025-06-27T22:14:01.944Z\", \"assignerShortName\": \"AMD\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-FXG4-QP5Q-79P3

Vulnerability from github – Published: 2025-06-28 00:31 – Updated: 2025-06-28 00:31

Details

Severity ?

6.4 (Medium)


                  
                    CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-36347"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-27T23:15:26Z",
    "severity": "MODERATE"
  },
  "details": "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.",
  "id": "GHSA-fxg4-qp5q-79p3",
  "modified": "2025-06-28T00:31:11Z",
  "published": "2025-06-28T00:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36347"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2024-36347

Vulnerability from fkie_nvd - Published: 2025-06-27 23:15 - Updated: 2025-06-30 18:38

Severity ?

6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@amd.com	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment."
    },
    {
      "lang": "es",
      "value": "La verificaci\u00f3n de firma incorrecta en AMD CPU ROM microcode patch loader puede permitir que un atacante con privilegios de administrador local cargue microc\u00f3digo malicioso, lo que podr\u00eda resultar en la p\u00e9rdida de integridad de la ejecuci\u00f3n de instrucciones x86, p\u00e9rdida de confidencialidad e integridad de los datos en el contexto privilegiado de la CPU x86 y compromiso del entorno de ejecuci\u00f3n de SMM."
    }
  ],
  "id": "CVE-2024-36347",
  "lastModified": "2025-06-30T18:38:23.493",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.9,
        "source": "psirt@amd.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-27T23:15:26.037",
  "references": [
    {
      "source": "psirt@amd.com",
      "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html"
    }
  ],
  "sourceIdentifier": "psirt@amd.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "psirt@amd.com",
      "type": "Secondary"
    }
  ]
}

WID-SEC-W-2025-0492

Vulnerability from csaf_certbund - Published: 2025-03-05 23:00 - Updated: 2025-05-12 22:00

Summary

AMD EPYC Prozessoren: Schwachstelle ermöglicht Codeausführung

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Prozessoren sind die zentralen Rechenwerke eines Computers.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in AMD Prozessor ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- BIOS/Firmware

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Prozessoren sind die zentralen Rechenwerke eines Computers.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in AMD Prozessor ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0492 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0492.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0492 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0492"
      },
      {
        "category": "external",
        "summary": "AMD Security Bulletin vom 2025-03-05",
        "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-052 vom 2025-03-05",
        "url": "https://www.dell.com/support/kbdoc/de-de/000275716/dsa-2025-052"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-112 vom 2025-03-06",
        "url": "https://www.dell.com/support/kbdoc/000291174"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-052 vom 2025-03-06",
        "url": "https://www.dell.com/support/kbdoc/000275716"
      },
      {
        "category": "external",
        "summary": "HPE Security Advisory vom 2025-03-10",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04826en_us\u0026docLocale=en_US"
      },
      {
        "category": "external",
        "summary": "Lenovo Security Advisory LEN-189490 vom 2025-03-11",
        "url": "https://support.lenovo.com/us/en/product_security/LEN-189490"
      },
      {
        "category": "external",
        "summary": "HP Security Bulletin HPSBHF04020 vom 2025-04-11",
        "url": "https://support.hp.com/us-en/document/ish_12460666-12460692-16/HPSBHF04020"
      }
    ],
    "source_lang": "en-US",
    "title": "AMD EPYC Prozessoren: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2025-05-12T22:00:00.000+00:00",
      "generator": {
        "date": "2025-05-13T08:41:46.286+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0492",
      "initial_release_date": "2025-03-05T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-03-05T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-03-10T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von HP aufgenommen"
        },
        {
          "date": "2025-03-11T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von LENOVO aufgenommen"
        },
        {
          "date": "2025-05-12T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von HP aufgenommen"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "EPYC",
                "product": {
                  "name": "AMD Prozessor EPYC",
                  "product_id": "T041636",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:amd:amd_processor:epyc"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Prozessor"
          }
        ],
        "category": "vendor",
        "name": "AMD"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell BIOS",
            "product": {
              "name": "Dell BIOS",
              "product_id": "T032530",
              "product_identification_helper": {
                "cpe": "cpe:/h:dell:bios:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell Computer",
            "product": {
              "name": "Dell Computer",
              "product_id": "T006498",
              "product_identification_helper": {
                "cpe": "cpe:/o:dell:dell_computer:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell PowerEdge",
            "product": {
              "name": "Dell PowerEdge",
              "product_id": "T040784",
              "product_identification_helper": {
                "cpe": "cpe:/h:dell:poweredge:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HP BIOS",
            "product": {
              "name": "HP BIOS",
              "product_id": "T033440",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:bios:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "HP Computer",
            "product": {
              "name": "HP Computer",
              "product_id": "T031288",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HP"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HPE ProLiant",
            "product": {
              "name": "HPE ProLiant",
              "product_id": "T035784",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:proliant:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HPE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Lenovo Computer",
            "product": {
              "name": "Lenovo Computer",
              "product_id": "T026557",
              "product_identification_helper": {
                "cpe": "cpe:/h:lenovo:computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Lenovo"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-36347",
      "product_status": {
        "known_affected": [
          "T006498",
          "T031288",
          "T041636",
          "T026557",
          "T040784",
          "T032530",
          "T033440",
          "T035784"
        ]
      },
      "release_date": "2025-03-05T23:00:00.000+00:00",
      "title": "CVE-2024-36347"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-36347 (GCVE-0-2024-36347)

GHSA-FXG4-QP5Q-79P3

FKIE_CVE-2024-36347

WID-SEC-W-2025-0492

Tags

Sightings

Nomenclature