CVE-2024-36311
4.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Summary
A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentially resulting in loss of confidentiality, integrity, or availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics | DragonRangeFL1PI 1.0.0.3h | unaffected |
| AMD | AMD Ryzen™ 7000 Series Desktop Processors | ComboAM5PI 1.0.0.b | unaffected |
| AMD | AMD Ryzen™ 7000 Series Desktop Processors | ComboAM5PI 1.1.0.3d | unaffected |
| AMD | AMD Ryzen™ 7000 Series Desktop Processors | ComboAM5PI 1.2.0.3d | unaffected |
| AMD | AMD Ryzen™ 9000HX Series Mobile Processors | FireRangeFL1PI 1.0.0.0a | unaffected |
| AMD | AMD Ryzen™ 8000 Series Desktop Processors | ComboAM5PI 1.1.0.3d | unaffected |
| AMD | AMD Ryzen™ 8000 Series Desktop Processors | ComboAM5PI 1.2.0.3d | unaffected |
| AMD | AMD Ryzen™ 9000 Series Desktop Processors | ComboAM5PI 1.2.0.3d | unaffected |
| AMD | AMD Ryzen™ Embedded 7000 Series Processors | EmbeddedAM5PI 1.0.0.4 | unaffected |
Weaknesses
- CWE-367: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.