Vulnerability in Amd Epyc™ 4004

CVE-2024-36345

Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality.

EPSS: 0.000 (3.7th percentile) — read the EPSS interpretation.

Affected products

Amd Epyc™ 4004 — versions ComboAM5PI 1.1.0.3d
Amd Epyc™ 4005 — versions ComboAM5 1.2.0.3j
Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics — versions RembrandtPI-FP7_1.0.0.Bg
Amd Ryzen™ 7000 Series Desktop Processors — versions ComboAM5PI 1.0.0.e, ComboAM5PI 1.1.0.3g, ComboAM5PI 1.2.0.3j
Amd Ryzen™ 7040 Series Mobile Processors With Radeon™ Graphics — versions PhoenixPI-FP8-FP7_1.2.0.0f
Amd Ryzen™ 7045 Series Mobile Processors With Radeon™ Graphics — versions DragonRangeFL1_1.0.0.3l
Amd Ryzen™ 8000 Series Desktop Processors — versions ComboAM5PI 1.1.0.3g, ComboAM5PI 1.2.0.3j
Amd Ryzen™ 8040 Series Mobile Processors With Radeon™ Graphics — versions PhoenixPI-FP8-FP7_1.2.0.0f
Amd Ryzen™ 9000hx Series Mobile Processors — versions FireRangeFL1PI 1.0.0.0f
Amd Ryzen™ 9000 Series Desktop Processors — versions ComboAM5PI 1.2.0.3j

Weakness classification (CWE)

CWE-1274

References