CVE-2024-36354
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-06
Last updated on: 2025-09-23
Assigner: Advanced Micro Devices Inc.
Description
Description
Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amd | ryzen | 4000 |
| amd | epyc_embedded | 7003 |
| amd | ryzen_embedded | 8000 |
| amd | epyc | 7001 |
| amd | pro | 5000wx |
| amd | ryzen | 2000 |
| amd | ryzen_embedded | 7000 |
| amd | client_processor | * |
| amd | epyc_embedded | 7002 |
| amd | epyc | 9004 |
| amd | ryzen | 6000 |
| amd | ryzen | 5000 |
| amd | ryzen | 8000 |
| amd | epyc | 7003 |
| amd | pro | 7000 |
| amd | pro | 3000wx |
| amd | ryzen_embedded | 5000 |
| amd | epyc_embedded | 3000 |
| amd | epyc | 7002 |
| amd | epyc_embedded | 900 |
| amd | ryzen_embedded | r2000 |
| amd | ryzen_threadripper | 3000 |
| amd | epyc | 4004 |
| amd | ryzen_embedded | v3000 |
| amd | athlon | 3000 |
| amd | ryzen_embedded | r1000 |
| amd | ryzen | 7000 |
| amd | ryzen_embedded | v2000 |
| amd | epyc | 8004 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1231 | The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set. |
