Vulnerability in Amd Epyc™ 9004 Series Processors

CVE-2024-36310

Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or integrity.

EPSS: 0.000 (0.4th percentile) — read the EPSS interpretation.

Affected products

Amd Epyc™ 9004 Series Processors — versions GenoaPI 1.0.0.F
Amd Epyc™ 9005 Series Processors — versions TurinPI 1.0.0.4
Amd Epyc™ Embedded 9004 Series Processors (Formerly Codenamed "Genoa") — versions EmbGenoaPI-SP5 1.0.0.B
Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics — versions RembrandtPI-FP7_1.0.0.BD
Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics — versions MendocinoPI-FT6_1.0.0.7c
Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics — versions RembrandtPI-FP7_1.0.0.BD
Amd Ryzen™ 7040 Series Mobile Processors With Radeon™ Graphics — versions PhoenixPI-FP8-FP7_1.2.0.0c
Amd Ryzen™ 8000 Series Desktop Processors — versions ComboAM5 1.1.0.3d, ComboAM5 1.2.0.3d
Amd Ryzen™ 8040 Series Mobile Processors With Radeon™ Graphics — versions PhoenixPI-FP8-FP7_1.2.0.0c
Amd Ryzen™ 9000hx Series Mobile Processors — versions FireRangeFL1PI 1.0.0.0a

Weakness classification (CWE)

CWE-124 — Buffer Underwrite

References