Vulnerability in Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics
CVE-2024-36347
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of co…
EPSS: 0.000 (6.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics — versions ComboAM4PI 1.0.0.D, ComboAM4v2PI 1.2.0.E
- Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics — versions PicassoPI-FP5 1.0.1.2b
- Amd Epyc™ 4004 Series — versions ComboAM5PI1.0.0.a, ComboAM5PI1.1.0.3c, ComboAM5PI1.2.0.3
- Amd Epyc™ 7001 Series — versions NaplesPI 1.0.0.P
- Amd Epyc™ 7002 Series — versions RomePI 1.0.0.L
- Amd Epyc™ 7003 Series — versions MilanPI 1.0.0.F
- Amd Epyc™ 9004 Series — versions Genoa 1.0.0.E
- Amd Epyc™ 9005 Series — versions TurinPI 1.0.0.4
- Amd Epyc™ Embedded 3000 — versions SnowyOwl PI 1.1.0.E
- Amd Epyc™ Embedded 7002 — versions EmbRomePI-SP3 1.0.0.D
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2024-36347?
- CVE-2024-36347 is a medium-severity vulnerability in Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics, classified under Improper Verification of Cryptographic Signature. CVSS score: 6.4/10. Published 2025-06-27.
- How severe is CVE-2024-36347?
- Medium severity. CVSS v3 base score is 6.4 out of 10.