What is CVE-2024-36331?

CVE-2024-36331 is a low-severity vulnerability in Amd Epyc™ 9004 Series Processors, classified under Improper Initialization. CVSS score: 3.2/10. Published 2025-09-06.

How severe is CVE-2024-36331?

Low severity. CVSS v3 base score is 3.2 out of 10.

Is CVE-2024-36331 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Amd Epyc™ 9004 Series Processors

CVE-2024-36331

Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity.

Vulnerability class: Dirty Pipe (CVE-2022-0847)

EPSS: 0.000 (9.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.2 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N.

Affected products

Amd Epyc™ 9004 Series Processors — versions GenoaPI_1.0.0.F
Amd Epyc™ Embedded 9004 Series Processors — versions EmbGenoaPI-1.0.0.A
Amd Epyc™ Embedded 9004 Series Processors — versions EmbGenoaPI-1.0.0.A

Weakness classification (CWE)

CWE-665 — Improper Initialization

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-36331?: CVE-2024-36331 is a low-severity vulnerability in Amd Epyc™ 9004 Series Processors, classified under Improper Initialization. CVSS score: 3.2/10. Published 2025-09-06.
How severe is CVE-2024-36331?: Low severity. CVSS v3 base score is 3.2 out of 10.
Is CVE-2024-36331 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.