CVE-2024-36345 PUBLISHED

Assigner: AMD
Reserved: 23.05.2024 Published: 15.05.2026 Updated: 15.05.2026

Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 4.6

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	Low	Confidentiality	None
Attack Complexity	Low	Integrity	None	Integrity	None
Attack Requirements	None	Availability	None	Availability	None
Privileges Required	High
User Interaction	None

CVSS 4.0

Product Status

Vendor	AMD
Product	AMD EPYC™ 4004
Versions	Default: affected Version ComboAM5PI 1.1.0.3d is unaffected

Vendor	AMD
Product	AMD EPYC™ 4005
Versions	Default: affected Version ComboAM5 1.2.0.3j is unaffected

Vendor	AMD
Product	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
Versions	Default: affected Version RembrandtPI-FP7_1.0.0.Bg is unaffected

Vendor	AMD
Product	AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics
Versions	Default: affected Version PhoenixPI-FP8-FP7_1.2.0.0f is unaffected

Vendor	AMD
Product	AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics
Versions	Default: affected Version DragonRangeFL1_1.0.0.3l is unaffected

Vendor	AMD
Product	AMD Ryzen™ 7000 Series Desktop Processors
Versions	Default: affected Version ComboAM5PI 1.0.0.e is unaffected Version ComboAM5PI 1.1.0.3g is unaffected Version ComboAM5PI 1.2.0.3j is unaffected

Vendor	AMD
Product	AMD Ryzen™ 9000HX Series Mobile Processors
Versions	Default: affected Version FireRangeFL1PI 1.0.0.0f is unaffected

Vendor	AMD
Product	AMD Ryzen™ AI MAX
Versions	Default: affected Version StrixHaloPI-FP11_1.0.0.2b is unaffected

Vendor	AMD
Product	AMD Ryzen™ AI 300 Series Processors
Versions	Default: affected Version StrixKrackanPI-FP8_1.1.0.0f is unaffected Version StrixKrackanPI-FP8_1.1.0.2e is unaffected

Vendor	AMD
Product	AMD Ryzen™ Threadripper™ 7000 Processors
Versions	Default: affected Version StormPeakPI-SP6 1.1.0.0k is unaffected

Vendor	AMD
Product	AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors
Versions	Default: affected Version StormPeakPI-SP6 1.0.0.1m is unaffected Version StormPeakPI-SP6 1.1.0.0k is unaffected

Vendor	AMD
Product	AMD Ryzen™ 8000 Series Desktop Processors
Versions	Default: affected Version ComboAM5PI 1.1.0.3g is unaffected Version ComboAM5PI 1.2.0.3j is unaffected

Vendor	AMD
Product	AMD Ryzen™ 9000 Series Desktop Processors
Versions	Default: affected Version ComboAM5PI 1.2.0.3j is unaffected

Vendor	AMD
Product	AMD Ryzen™ 9000 Series Desktop Processors
Versions	Default: affected Version ComboAM5PI 1.2.0.3j is unaffected

Vendor	AMD
Product	AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics
Versions	Default: affected Version PhoenixPI-FP8-FP7_1.2.0.0f is unaffected

Vendor	AMD
Product	AMD Ryzen™ Embedded 8000 Series Processors
Versions	Default: affected Version EmbeddedPhoenixPI-FP7r2_1.0.0.4 is unaffected

Vendor	AMD
Product	AMD Ryzen™ Embedded V3000 Series Processors
Versions	Default: affected Version Embedded-PI_FP7r2 1012 is unaffected

Vendor	AMD
Product	AMD Ryzen™ Embedded 7000 Series Processors
Versions	Default: affected Version EmbeddedAM5PI 1.0.0.7 is unaffected

Vendor	AMD
Product	AMD Ryzen™ Embedded 9000 Series Processors
Versions	Default: affected Version EmbeddedAM5PI 1.0.0.7 is unaffected

References

Problem Types

CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code CWE