CVE-2024-36343
Improper Input Validation in AMD System Management Mode
Publication date: 2026-05-19
Last updated on: 2026-05-19
Assigner: Advanced Micro Devices Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amd | system_management_mode | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-124 | The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper input validation in the System Management Mode (SMM) communications buffer. It could allow a privileged attacker to perform an out of bounds read or write operation to a limited section of the Top of Memory Segment (TSEG) memory region.
Such out of bounds access may lead to potential loss of confidentiality or integrity of the affected memory region.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow a privileged attacker to read or write outside the intended memory boundaries in the TSEG memory region.
This could result in loss of confidentiality, meaning sensitive information might be exposed, or loss of integrity, meaning data could be altered or corrupted.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability could potentially result in loss of confidentiality or integrity due to improper input validation in the System Management Mode communications buffer, which may allow out of bounds read or write operations.
Loss of confidentiality or integrity can impact compliance with standards and regulations such as GDPR and HIPAA, which require protection of sensitive data and maintaining data integrity.
However, specific effects on compliance or mitigation measures are not detailed in the provided information.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific information provided about detection methods or commands to identify this vulnerability on a network or system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2024-36343, users should update their system firmware with the latest Platform Initialization (PI) firmware updates provided by their Original Equipment Manufacturer (OEM).
Affected processors include AMD EPYCβ’ 4004, 4005, Embedded Series processors, Ryzen 6000, 7000, 8000, 9000, Threadripper series, and embedded variants.
Firmware updates addressing this vulnerability were released between January 2026 and February 2026.