CVE-2024-36347
BaseFortify
Publication date: 2025-06-27
Last updated on: 2025-06-30
Assigner: Advanced Micro Devices Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can lead to loss of integrity of CPU instruction execution and compromise the confidentiality and integrity of data processed in the CPU's privileged context. It may also compromise the System Management Mode (SMM) execution environment, potentially allowing attackers to execute malicious code at a very high privilege level, which can severely impact system security and stability.
Can you explain this vulnerability to me?
This vulnerability involves improper signature verification in the AMD CPU ROM microcode patch loader. It may allow an attacker who already has local administrator privileges to load malicious microcode onto the CPU. This malicious microcode can compromise the integrity of x86 instruction execution and affect the confidentiality and integrity of data within the CPU's privileged context, including the System Management Mode (SMM) execution environment.