CVE-2024-36355

HIGH

AMD EPYC 9004 Series Processors - Authenticated Out-of-bounds Write in SMM Handler

Title source: llm

Description

Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 (sleep) wake up, potentially resulting in arbitrary code execution.

Scores

CVSS v4 7.0
EPSS 0.0001
EPSS Percentile 0.6%
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-787
Status published
Products (40)
AMD/AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics PicassoPI-FP5_1.0.1.2c
AMD/AMD EPYC™ 9004 Series Processors GenoaPI 1.0.0.E
AMD/AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa") EmbGenoaPI-SP5 1.0.0.B
AMD/AMD Ryzen™ 3000 Series Desktop Processors ComboAM4PI 1.0.0.10
AMD/AMD Ryzen™ 3000 Series Desktop Processors ComboAM4v2PI 1.2.0.10
AMD/AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics PicassoPI-FP5_1.0.1.2c
AMD/AMD Ryzen™ 4000 Series Desktop Processors ComboAM4v2PI 1.2.0.10
AMD/AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics RenoirPI-FP6 1.0.0.Eb
AMD/AMD Ryzen™ 5000 Series Desktop Processors ComboAM4v2PI 1.2.0.10
AMD/AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics ComboAM4v2PI 1.2.0.10
... and 30 more
Published Feb 10, 2026
Tracked Since Feb 18, 2026