CVE-2024-36343

MEDIUM

AMD EPYC 4004, 4005, Ryzen 6000, 7040, 7045, 7000 - Buffer Underflow in SMM Communications

Title source: llm

Description

Improper input validation in the System Management Mode (SMM) communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of Memory Segment (TSEG) memory region, potentially resulting in loss of confidentiality or integrity.

References (2)

Core 2

Core References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html

Scores

CVSS v4 4.6

EPSS 0.0001

EPSS Percentile 0.3%

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-124

Status published

Products (22)

AMD/AMD EPYC™ 4004 ComboAM5PI 1.1.0.3d

AMD/AMD EPYC™ 4005 ComboAM5 1.2.0.3j

AMD/AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics RembrandtPI-FP7_1.0.0.Bg

AMD/AMD Ryzen™ 7000 Series Desktop Processors ComboAM5 1.2.0.3j

AMD/AMD Ryzen™ 7000 Series Desktop Processors ComboAM5-PI_1.0.0.e

AMD/AMD Ryzen™ 7000 Series Desktop Processors ComboAM5PI 1.1.0.3g

AMD/AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics PhoenixPI-FP8-FP7_1.2.0.0f

AMD/AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics DragonRangeFL1_1.0.0.3l

AMD/AMD Ryzen™ 8000 Series Desktop Processors ComboAM5 1.2.0.3j

AMD/AMD Ryzen™ 8000 Series Desktop Processors ComboAM5PI 1.1.0.3g

... and 12 more

Published May 19, 2026

Tracked Since May 19, 2026