CVE-2024-36347

Summary

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 7001 SeriesNaplesPI 1.0.0.Punaffected
AMDAMD EPYC™ 7002 SeriesRomePI 1.0.0.Lunaffected
AMDAMD EPYC™ 7003 SeriesMilanPI 1.0.0.Funaffected
AMDAMD EPYC™ 9004 SeriesGenoa 1.0.0.Eunaffected
AMDAMD EPYC™ 4004 SeriesComboAM5PI1.0.0.aunaffected
AMDAMD EPYC™ 4004 SeriesComboAM5PI1.1.0.3cunaffected
AMDAMD EPYC™ 4004 SeriesComboAM5PI1.2.0.3unaffected
AMDAMD EPYC™ 9005 SeriesTurinPI 1.0.0.4unaffected
AMDAMD Instinct™ MI300AMI300PI_SR5 1.0.0.8unaffected
AMDAMD Ryzen™ 5000 Series Desktop ProcessorsComboAM4v2PI 1.2.0.Eunaffected
AMDAMD Ryzen™ 5000 Series Desktop Processor with Radeon™ GraphicsComboAM4v2PI 1.2.0.Eunaffected
AMDAMD Ryzen™ 3000 Series Desktop ProcessorsComboAM4PI 1.0.0.Dunaffected
AMDAMD Ryzen™ 3000 Series Desktop ProcessorsComboAM4v2PI 1.2.0.Eunaffected
AMDAMD Athlon™ 3000 Series Desktop Processors with Radeon™ GraphicsComboAM4PI 1.0.0.Dunaffected
AMDAMD Athlon™ 3000 Series Desktop Processors with Radeon™ GraphicsComboAM4v2PI 1.2.0.Eunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.0.0.aunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.1.0.3cunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.2.0.3unaffected
AMDAMD Ryzen™ 4000 Series Desktop Processor with Radeon™ GraphicsComboAM4v2PI 1.2.0.Eunaffected
AMDAMD Ryzen™ 8000 Series Processor with Radeon™ GraphicsComboAM5PI 1.1.0.3cunaffected
AMDAMD Ryzen™ 8000 Series Processor with Radeon™ GraphicsComboAM5PI 1.2.0.3unaffected
AMDAMD Ryzen™ 9000 Series Desktop ProcessorsComboAM5PI 1.2.0.3cunaffected
AMDAMD Ryzen™ Threadripper™ 3000 Series ProcessorsCastlePeakPI-SP3r3 1.0.0.Eunaffected
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsStormPeakPI-SP6 1.0.0.1kunaffected
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsStormPeakPI-SP6 1.1.0.0iunaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000WX Series ProcessorsChagallWSPI-sWRX8 1.0.0.Bunaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000WX Series ProcessorsCastlePeakWSPI-sWRX8 1.0.0.gunaffected
AMDAMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop ProcessorsChagallWSPI-sWRX8 1.0.0.Bunaffected
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsPicassoPI-FP5 1.0.1.2bunaffected
AMDAMD Ryzen™ 3000 Series Mobile Processor with Radeon™ GraphicsPicassoPI-FP5 1.0.1.2bunaffected
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsRenoirPI-FP6 1.0.0.Ebunaffected
AMDAMD Ryzen™ 5000 Series Processors with Radeon™ GraphicsCezannePI-FP6 1.0.1.1bunaffected
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsMendocinoPI-FT6 1.0.0.7bunaffected
AMDAMD Ryzen™ 6000 Series Processor with Radeon™ GraphicsRembrandtPI-FP7 1.0.0.Bbunaffected
AMDAMD Ryzen™ 7035 Series Processor with Radeon™ GraphicsRembrandtPI-FP7 1.0.0.Bbunaffected
AMDAMD Ryzen™ 7000 Series Processors with Radeon™ GraphicsCezannePI-FP6 1.0.1.1bunaffected
AMDAMD Ryzen™ 7040 Series Processors with Radeon™ GraphicsPhoenixPI-FP8-FP7 1.2.0.0unaffected
AMDAMD Ryzen™ 8040 Series Mobile Processors with Radeon™ GraphicsPhoenixPI-FP8-FP7 1.2.0.0unaffected
AMDAMD Ryzen™ 7045 Series Mobile ProcessorsDragonRangeFL1 1.0.0.3gunaffected
AMDAMD Ryzen™ AI 300 SeriesStrixKrakenPI-FP8_1.1.0.0bunaffected
AMDAMD Ryzen™ AI Max +StrixHaloPI-FP11_1.0.0.1unaffected
AMDAMD Ryzen™ 9000HX Series Mobile ProcessorsFireRangeFL1PI 1.0.0.0aunaffected
AMDAMD EPYC™ Embedded 3000SnowyOwl PI 1.1.0.Eunaffected
AMDAMD EPYC™ Embedded 7002EmbRomePI-SP3 1.0.0.Dunaffected
AMDAMD EPYC™ Embedded 7003EmbMilan PI-SP3 1.0.0.Aunaffected
AMDAMD EPYC™ Embedded 8004EmbGenoaPI-SP5 1.0.0.9unaffected
AMDAMD EPYC™ Embedded 9004EmbGenoaPI-SP5 1.0.0.9unaffected
AMDAMD EPYC™ Embedded 97X4EmbGenoaPI-SP5 1.0.0.9unaffected
AMDAMD Ryzen™ Embedded R1000EmbeddedPI-FP5 1.2.0.Funaffected
AMDAMD Ryzen™ Embedded R2000EmbeddedR2KPI 1.0.0.5unaffected
AMDAMD Ryzen™ Embedded 5000EmbAM4PI 1.0.0.7unaffected
AMDAMD Ryzen™ Embedded 7000EmbeddedAM5PI 1.0.0.3unaffected
AMDAMD Ryzen™ Embedded V1000EmbeddedPI-FP5 1.2.0.Funaffected
AMDAMD Ryzen™Embedded V2000EmbeddedPI-FP6 1.0.0.Bunaffected
AMDAMD Ryzen™Embedded V3000EmbeddedPI-FP7R2 1.0.0.Cunaffected

Weaknesses

  • CWE-347: CWE-347 Improper Verification of Cryptographic Signature

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References