Vulnerability in Amd Ryzen™ 7000 Series Desktop Processors

CVE-2024-36311

A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentially resulting in loss of confidentiality…

Vulnerability class: TOCTOU (Time-of-Check to Time-of-Use)

EPSS: 0.000 (3.4th percentile) — read the EPSS interpretation.

Affected products

Amd Ryzen™ 7000 Series Desktop Processors — versions ComboAM5PI 1.0.0.b, ComboAM5PI 1.1.0.3d, ComboAM5PI 1.2.0.3d
Amd Ryzen™ 7045 Series Mobile Processors With Radeon™ Graphics — versions DragonRangeFL1PI 1.0.0.3h
Amd Ryzen™ 8000 Series Desktop Processors — versions ComboAM5PI 1.1.0.3d, ComboAM5PI 1.2.0.3d
Amd Ryzen™ 9000hx Series Mobile Processors — versions FireRangeFL1PI 1.0.0.0a
Amd Ryzen™ 9000 Series Desktop Processors — versions ComboAM5PI 1.2.0.3d
Amd Ryzen™ Embedded 7000 Series Processors — versions EmbeddedAM5PI 1.0.0.4

Weakness classification (CWE)

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition

References

www.amd.com/en/resources/product-security/bulletin/AMD-SB-4013.html