Description

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level.

INFO

Published Date :

2025-09-06T18:06:43.084Z

Last Modified :

2026-02-26T17:49:09.189Z

Source :

AMD
AFFECTED PRODUCTS

The following products are affected by CVE-2024-36354 vulnerability.

Vendors Products
Amd
  • Athlon
  • Athlon 3000
  • Epyc
  • Epyc 4004
  • Epyc 7001
  • Epyc 7002
  • Epyc 7003
  • Epyc 8004
  • Epyc 9004
  • Epyc Embedded 3000
  • Epyc Embedded 7002
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-36354.

URL Resource
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3014.html cve-icon cve-icon
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html cve-icon cve-icon
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact