Description

Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 (sleep) wake up, potentially resulting in arbitrary code execution.

INFO

Published Date :

2026-02-10T19:28:04.884Z

Last Modified :

2026-02-12T17:49:05.987Z

Source :

AMD
AFFECTED PRODUCTS

The following products are affected by CVE-2024-36355 vulnerability.

Vendors Products
Amd
  • Epyc 9004 Series Processors
  • Epyc Embedded 9004 Series Processors
  • Ryzen 5000 Series Desktop Processors
  • Ryzen 5000 Series Desktop Processors With Radeon Graphics
  • Ryzen 5000 Series Mobile Processors With Radeon Graphics
  • Ryzen 5000 Series Processors With Radeon Graphics
  • Ryzen 6000 Series Processors With Radeon Graphics
  • Ryzen 7000 Series Desktop Processors
  • Ryzen 7040 Series Mobile Processors With Radeon Graphics
  • Ryzen 8000 Series Desktop
  • Ryzen Embedded 5000 Series Processors
  • Ryzen Embedded 7000 Series Processors
  • Ryzen Embedded 8000 Series Processors
  • Ryzen Embedded R1000 Series Processors
  • Ryzen Embedded R2000 Series Processors
  • Ryzen Embedded V1000 Series Processors
  • Ryzen Embedded V2000 Series Processors
  • Ryzen Embedded V3000 Series Processors
  • Ryzen Threadripper 7000 Processor
  • Ryzen Threadripper Pro 3000 Wx-series Processors
  • Ryzen Threadripper Pro 5000 Wx-series Processors
  • Ryzen Threadripper Pro 7000 Wx-series Processors
  • Ryzen Z1 Series Processors
  • Ryzen Z2 Series Processors
  • Ryzen Z2 Series Processors Go
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-36355.

URL Resource
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html cve-icon cve-icon
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4013.html cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability