CVE-2024-36345

Summary

Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 4004ComboAM5PI 1.1.0.3dunaffected
AMDAMD EPYC™ 4005ComboAM5 1.2.0.3junaffected
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsRembrandtPI-FP7_1.0.0.Bgunaffected
AMDAMD Ryzen™ 7040 Series Mobile Processors with Radeon™ GraphicsPhoenixPI-FP8-FP7_1.2.0.0funaffected
AMDAMD Ryzen™ 7045 Series Mobile Processors with Radeon™ GraphicsDragonRangeFL1_1.0.0.3lunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.0.0.eunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.1.0.3gunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.2.0.3junaffected
AMDAMD Ryzen™ 9000HX Series Mobile ProcessorsFireRangeFL1PI 1.0.0.0funaffected
AMDAMD Ryzen™ AI MAXStrixHaloPI-FP11_1.0.0.2bunaffected
AMDAMD Ryzen™ AI 300 Series ProcessorsStrixKrackanPI-FP8_1.1.0.0funaffected
AMDAMD Ryzen™ AI 300 Series ProcessorsStrixKrackanPI-FP8_1.1.0.2eunaffected
AMDAMD Ryzen™ Threadripper™ 7000 ProcessorsStormPeakPI-SP6 1.1.0.0kunaffected
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsStormPeakPI-SP6 1.0.0.1munaffected
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsStormPeakPI-SP6 1.1.0.0kunaffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsComboAM5PI 1.1.0.3gunaffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsComboAM5PI 1.2.0.3junaffected
AMDAMD Ryzen™ 9000 Series Desktop ProcessorsComboAM5PI 1.2.0.3junaffected
AMDAMD Ryzen™ 9000 Series Desktop ProcessorsComboAM5PI 1.2.0.3junaffected
AMDAMD Ryzen™ 8040 Series Mobile Processors with Radeon™ GraphicsPhoenixPI-FP8-FP7_1.2.0.0funaffected
AMDAMD Ryzen™ Embedded 8000 Series ProcessorsEmbeddedPhoenixPI-FP7r2_1.0.0.4unaffected
AMDAMD Ryzen™ Embedded V3000 Series ProcessorsEmbedded-PI_FP7r2 1012unaffected
AMDAMD Ryzen™ Embedded 7000 Series ProcessorsEmbeddedAM5PI 1.0.0.7unaffected
AMDAMD Ryzen™ Embedded 9000 Series ProcessorsEmbeddedAM5PI 1.0.0.7unaffected

Weaknesses

  • CWE-1274: CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References