CVE-2024-36331
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-06
Last updated on: 2025-11-03
Assigner: Advanced Micro Devices Inc.
Description
Description
Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amd | ryzen_embedded | 5000 |
| amd | epyc_embedded | 7002 |
| amd | epyc_embedded | 3000 |
| amd | epyc | 4004 |
| amd | epyc | 9004 |
| amd | ryzen_embedded | v3000 |
| amd | epyc_embedded | 7003 |
| amd | ryzen_embedded | r1000 |
| amd | epyc | 7002 |
| amd | epyc | 7003 |
| amd | epyc_embedded | 900 |
| amd | epyc | 7001 |
| amd | ryzen_embedded | 8000 |
| amd | ryzen_embedded | r2000 |
| amd | ryzen_embedded | 7000 |
| linux | linux | 6.1.153 |
| amd | ryzen_embedded | v2000 |
| amd | epyc | 8004 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-665 | The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper initialization of CPU cache memory, which could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory, leading to a loss of data integrity.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing a privileged attacker with hypervisor access to overwrite guest memory protected by SEV-SNP, resulting in loss of data integrity. This means that sensitive or critical data could be altered without detection.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70