Vulnerability-Lookup

GHSA-FXG4-QP5Q-79P3

Vulnerability from github – Published: 2025-06-28 00:31 – Updated: 2025-06-28 00:31

Details

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.

Severity

6.4 (Medium)


                  
                    CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-36347"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-27T23:15:26Z",
    "severity": "MODERATE"
  },
  "details": "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.",
  "id": "GHSA-fxg4-qp5q-79p3",
  "modified": "2025-06-28T00:31:11Z",
  "published": "2025-06-28T00:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36347"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2024-36347 (GCVE-0-2024-36347)

Vulnerability from cvelistv5 – Published: 2025-06-27 22:14 – Updated: 2026-02-26 17:50

Summary

Severity

6.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-347 - Improper Verification of Cryptographic Signature

Assigner

AMD

References

1 reference

URL	Tags
https://www.amd.com/en/resources/product-security…

Impacted products

46 products

Vendor	Product	Version
AMD	AMD EPYC™ 7001 Series	Unaffected: NaplesPI 1.0.0.P
AMD	AMD EPYC™ 7002 Series	Unaffected: RomePI 1.0.0.L
AMD	AMD EPYC™ 7003 Series	Unaffected: MilanPI 1.0.0.F
AMD	AMD EPYC™ 9004 Series	Unaffected: Genoa 1.0.0.E
AMD	AMD EPYC™ 4004 Series	Unaffected: ComboAM5PI1.0.0.a Unaffected: ComboAM5PI1.1.0.3c Unaffected: ComboAM5PI1.2.0.3
AMD	AMD EPYC™ 9005 Series	Unaffected: TurinPI 1.0.0.4
AMD	AMD Instinct™ MI300A	Unaffected: MI300PI_SR5 1.0.0.8
AMD	AMD Ryzen™ 5000 Series Desktop Processors	Unaffected: ComboAM4v2PI 1.2.0.E
AMD	AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics	Unaffected: ComboAM4v2PI 1.2.0.E
AMD	AMD Ryzen™ 3000 Series Desktop Processors	Unaffected: ComboAM4PI 1.0.0.D Unaffected: ComboAM4v2PI 1.2.0.E
AMD	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics	Unaffected: ComboAM4PI 1.0.0.D Unaffected: ComboAM4v2PI 1.2.0.E
AMD	AMD Ryzen™ 7000 Series Desktop Processors	Unaffected: ComboAM5PI 1.0.0.a Unaffected: ComboAM5PI 1.1.0.3c Unaffected: ComboAM5PI 1.2.0.3
AMD	AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics	Unaffected: ComboAM4v2PI 1.2.0.E
AMD	AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics	Unaffected: ComboAM5PI 1.1.0.3c Unaffected: ComboAM5PI 1.2.0.3
AMD	AMD Ryzen™ 9000 Series Desktop Processors	Unaffected: ComboAM5PI 1.2.0.3c
AMD	AMD Ryzen™ Threadripper™ 3000 Series Processors	Unaffected: CastlePeakPI-SP3r3 1.0.0.E
AMD	AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors	Unaffected: StormPeakPI-SP6 1.0.0.1k Unaffected: StormPeakPI-SP6 1.1.0.0i
AMD	AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors	Unaffected: ChagallWSPI-sWRX8 1.0.0.B Unaffected: CastlePeakWSPI-sWRX8 1.0.0.g
AMD	AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors	Unaffected: ChagallWSPI-sWRX8 1.0.0.B
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Unaffected: PicassoPI-FP5 1.0.1.2b
AMD	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics	Unaffected: PicassoPI-FP5 1.0.1.2b
AMD	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics	Unaffected: RenoirPI-FP6 1.0.0.Eb
AMD	AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics	Unaffected: CezannePI-FP6 1.0.1.1b
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics	Unaffected: MendocinoPI-FT6 1.0.0.7b
AMD	AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics	Unaffected: RembrandtPI-FP7 1.0.0.Bb
AMD	AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics	Unaffected: RembrandtPI-FP7 1.0.0.Bb
AMD	AMD Ryzen™ 7000 Series Processors with Radeon™ Graphics	Unaffected: CezannePI-FP6 1.0.1.1b
AMD	AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics	Unaffected: PhoenixPI-FP8-FP7 1.2.0.0
AMD	AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics	Unaffected: PhoenixPI-FP8-FP7 1.2.0.0
AMD	AMD Ryzen™ 7045 Series Mobile Processors	Unaffected: DragonRangeFL1 1.0.0.3g
AMD	AMD Ryzen™ AI 300 Series	Unaffected: StrixKrakenPI-FP8_1.1.0.0b
AMD	AMD Ryzen™ AI Max +	Unaffected: StrixHaloPI-FP11_1.0.0.1
AMD	AMD Ryzen™ 9000HX Series Mobile Processors	Unaffected: FireRangeFL1PI 1.0.0.0a
AMD	AMD EPYC™ Embedded 3000	Unaffected: SnowyOwl PI 1.1.0.E
AMD	AMD EPYC™ Embedded 7002	Unaffected: EmbRomePI-SP3 1.0.0.D
AMD	AMD EPYC™ Embedded 7003	Unaffected: EmbMilan PI-SP3 1.0.0.A
AMD	AMD EPYC™ Embedded 8004	Unaffected: EmbGenoaPI-SP5 1.0.0.9
AMD	AMD EPYC™ Embedded 9004	Unaffected: EmbGenoaPI-SP5 1.0.0.9
AMD	AMD EPYC™ Embedded 97X4	Unaffected: EmbGenoaPI-SP5 1.0.0.9
AMD	AMD Ryzen™ Embedded R1000	Unaffected: EmbeddedPI-FP5 1.2.0.F
AMD	AMD Ryzen™ Embedded R2000	Unaffected: EmbeddedR2KPI 1.0.0.5
AMD	AMD Ryzen™ Embedded 5000	Unaffected: EmbAM4PI 1.0.0.7
AMD	AMD Ryzen™ Embedded 7000	Unaffected: EmbeddedAM5PI 1.0.0.3
AMD	AMD Ryzen™ Embedded V1000	Unaffected: EmbeddedPI-FP5 1.2.0.F
AMD	AMD Ryzen™Embedded V2000	Unaffected: EmbeddedPI-FP6 1.0.0.B
AMD	AMD Ryzen™Embedded V3000	Unaffected: EmbeddedPI-FP7R2 1.0.0.C

Date Public

2025-06-27 16:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36347",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-01T03:55:55.838463Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:50:21.428Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7001 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "NaplesPI 1.0.0.P"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7002 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RomePI 1.0.0.L"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MilanPI 1.0.0.F"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Genoa 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 4004 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5PI1.0.0.a"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI1.1.0.3c"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI1.2.0.3"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9005 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "TurinPI 1.0.0.4"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Instinct\u2122 MI300A",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MI300PI_SR5 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI 1.0.0.D"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI 1.0.0.D"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.0.0.a"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.1.0.3c"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.2.0.3"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2PI 1.2.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.1.0.3c"
            },
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.2.0.3"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 9000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5PI 1.2.0.3c"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CastlePeakPI-SP3r3 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "StormPeakPI-SP6 1.0.0.1k"
            },
            {
              "status": "unaffected",
              "version": "StormPeakPI-SP6 1.1.0.0i"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.B"
            },
            {
              "status": "unaffected",
              "version": "CastlePeakWSPI-sWRX8 1.0.0.g"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.B"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5 1.0.1.2b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5 1.0.1.2b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RenoirPI-FP6 1.0.0.Eb"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.1.1b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MendocinoPI-FT6 1.0.0.7b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.Bb"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.Bb"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.1.1b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PhoenixPI-FP8-FP7 1.2.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PhoenixPI-FP8-FP7 1.2.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "DragonRangeFL1 1.0.0.3g"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 AI 300 Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "StrixKrakenPI-FP8_1.1.0.0b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 AI Max +",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "StrixHaloPI-FP11_1.0.0.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 9000HX Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "FireRangeFL1PI 1.0.0.0a"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "SnowyOwl PI 1.1.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7002",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbRomePI-SP3 1.0.0.D"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbMilan PI-SP3 1.0.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 8004",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5  1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9004",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 97X4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5  1.2.0.F"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedR2KPI  1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbAM4PI  1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI  1.0.0.3"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5 1.2.0.F"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6 1.0.0.B"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP7R2 1.0.0.C"
            }
          ]
        }
      ],
      "datePublic": "2025-06-27T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.\u003cbr\u003e"
            }
          ],
          "value": "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347 Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-27T22:14:01.944Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2024-36347",
    "datePublished": "2025-06-27T22:14:01.944Z",
    "dateReserved": "2024-05-23T19:44:47.201Z",
    "dateUpdated": "2026-02-26T17:50:21.428Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-FXG4-QP5Q-79P3

CVE-2024-36347 (GCVE-0-2024-36347)

Tags

Sightings

Nomenclature