CVE-2024-36343

Summary

Improper input validation in the System Management Mode (SMM) communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of Memory Segment (TSEG) memory region, potentially resulting in loss of confidentiality or integrity.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 4004ComboAM5PI 1.1.0.3dunaffected
AMDAMD EPYC™ 4005ComboAM5 1.2.0.3junaffected
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsRembrandtPI-FP7_1.0.0.Bgunaffected
AMDAMD Ryzen™ 7040 Series Mobile Processors with Radeon™ GraphicsPhoenixPI-FP8-FP7_1.2.0.0funaffected
AMDAMD Ryzen™ 7045 Series Mobile Processors with Radeon™ GraphicsDragonRangeFL1_1.0.0.3lunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5-PI_1.0.0.eunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.1.0.3gunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5 1.2.0.3junaffected
AMDAMD Ryzen™ 9000HX Series Mobile ProcessorsFireRangeFL1PI 1.0.0.0funaffected
AMDAMD Ryzen™ AI MAXStrixHaloPI-FP11_1.0.0.2bunaffected
AMDAMD Ryzen™ AI 300 Series ProcessorsStrixKrackanPI-FP8_1.1.0.0funaffected
AMDAMD Ryzen™ AI 300 Series ProcessorsStrixKrackanPI-FP8_1.1.0.2eunaffected
AMDAMD Ryzen™ Threadripper™ 7000 ProcessorsStormPeakPI-SP6 1.1.0.0kunaffected
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsStormPeakPI-SP6 1.0.0.1munaffected
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsStormPeakPI-SP6_1.1.0.0kunaffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsComboAM5PI 1.1.0.3gunaffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsComboAM5 1.2.0.3junaffected
AMDAMD Ryzen™ 9000 Series Desktop ProcessorsComboAM5 1.2.0.3junaffected
AMDAMD Ryzen™ 9000 Series Desktop ProcessorsComboAM5 1.2.0.3junaffected
AMDAMD Ryzen™ Embedded V3000 Series ProcessorsEmbedded-PI_FP7r2 100Funaffected
AMDAMD Ryzen™ Embedded 7000 Series ProcessorsEmbeddedAM5PI 1.0.0.5unaffected
AMDAMD Ryzen™ Embedded 8000 Series ProcessorsEmbeddedPhoenixPI-FP7r2_1.0.0.4unaffected
AMDAMD Ryzen™ Embedded 9000 Series ProcessorsEmbeddedAM5PI 1.0.0.7unaffected

Weaknesses

  • CWE-124: CWE-124 Buffer Underwrite ('Buffer Underflow')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References