CVE-2024-36347

MEDIUM

AMD CPU ROM - Privilege Escalation

Title source: llm

Description

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.

References (1)

[Vendor Advisory] https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html

Scores

CVSS v3 6.4

EPSS 0.0003

EPSS Percentile 7.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-347

Status published

Products (50)

AMD/AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics ComboAM4PI 1.0.0.D

AMD/AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics ComboAM4v2PI 1.2.0.E

AMD/AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics PicassoPI-FP5 1.0.1.2b

AMD/AMD EPYC™ 4004 Series ComboAM5PI1.0.0.a

AMD/AMD EPYC™ 4004 Series ComboAM5PI1.1.0.3c

AMD/AMD EPYC™ 4004 Series ComboAM5PI1.2.0.3

AMD/AMD EPYC™ 7001 Series NaplesPI 1.0.0.P

AMD/AMD EPYC™ 7002 Series RomePI 1.0.0.L

AMD/AMD EPYC™ 7003 Series MilanPI 1.0.0.F

AMD/AMD EPYC™ 9004 Series Genoa 1.0.0.E

... and 40 more

Published Jun 27, 2025

Tracked Since Feb 18, 2026