CVE-2024-36347 - Vulnerability Details

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

No data.

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2024-36347
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html
https://www.cve.org/CVERecord?id=CVE-2024-36347

History

Mon, 30 Jun 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 27 Jun 2025 22:30:00 +0000

Type	Values Removed	Values Added
Description	A flaw was found in AMD processors. This flaw allows an attacker with system administration privileges to exploit an issue in the signature verification in the AMD CPU ROM microcode patch loader, allowing the load of malicious microcode. This issue could impact the integrity of x86 instruction execution, confidentiality, and data integrity in x86 CPU-privileged context and compromise the SMM execution environment.	Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.
Weaknesses		CWE-347
Metrics	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 6.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

Fri, 07 Mar 2025 02:45:00 +0000

Type	Values Removed	Values Added
Description	No description is available for this CVE.	A flaw was found in AMD processors. This flaw allows an attacker with system administration privileges to exploit an issue in the signature verification in the AMD CPU ROM microcode patch loader, allowing the load of malicious microcode. This issue could impact the integrity of x86 instruction execution, confidentiality, and data integrity in x86 CPU-privileged context and compromise the SMM execution environment.

Thu, 06 Mar 2025 02:00:00 +0000

Type	Values Removed	Values Added
Description		No description is available for this CVE.
Title		kernel: hw:amd: Improper signature verification in AMD CPU ROM microcode patch loader
Weaknesses		CWE-99
References		https://nvd.nist.gov/vuln/detail/CVE-2024-36347 https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html https://www.cve.org/CVERecord?id=CVE-2024-36347
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H'}` threat_severity `Important`

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2025-06-27T22:14:01.944Z

Updated: 2025-07-01T03:55:54.843Z

Reserved: 2024-05-23T19:44:47.201Z

Link: CVE-2024-36347

Vulnrichment

Updated: 2025-06-30T16:20:30.435Z

NVD

Status : Awaiting Analysis

Published: 2025-06-27T23:15:26.037

Modified: 2025-06-30T18:38:23.493

Link: CVE-2024-36347

Redhat

Severity : Important

Publid Date: 2025-03-05T00:00:00Z

Links: CVE-2024-36347 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object