Buffer overflow in AMD Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics
CVE-2024-36355
Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 (sleep) wake up, potentially resulting in arbitrary code execution.
Vulnerability class: Buffer Overflow
EPSS: 0.000 (0.6th percentile)
Affected products
- AMD Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics — versions PicassoPI-FP5_1.0.1.2c
- AMD EPYC™ 9004 Series Processors — versions GenoaPI 1.0.0.E
- AMD EPYC™ Embedded 9004 Series Processors (Formerly Codenamed "Genoa") — versions EmbGenoaPI-SP5 1.0.0.B
- AMD Ryzen™ 3000 Series Desktop Processors — versions ComboAM4PI 1.0.0.10, ComboAM4v2PI 1.2.0.10
- AMD Ryzen™ 3000 Series Mobile Processors With Radeon™ Graphics — versions PicassoPI-FP5_1.0.1.2c
- AMD Ryzen™ 4000 Series Desktop Processors — versions ComboAM4v2PI 1.2.0.10
- AMD Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics — versions RenoirPI-FP6 1.0.0.Eb
- AMD Ryzen™ 5000 Series Desktop Processors — versions ComboAM4v2PI 1.2.0.10
- AMD Ryzen™ 5000 Series Desktop Processors With Radeon™ Graphics — versions ComboAM4v2PI 1.2.0.10
- AMD Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics — versions CezannePI-FP6_1.0.1.1b