CVE-2024-36347

kernel: hw:amd: Improper signature verification in AMD CPU ROM microcode patch loader

Description

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.

INFO

Published Date :

2025-06-27T22:14:01.944Z

Last Modified :

2026-02-26T17:50:21.428Z

Source :

AMD

AFFECTED PRODUCTS

The following products are affected by CVE-2024-36347 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-36347.

URL	Resource
https://nvd.nist.gov/vuln/detail/CVE-2024-36347
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html
https://www.cve.org/CVERecord?id=CVE-2024-36347

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact