CVE-2024-36347 — MEDIUM (6.4)

Vulnerability Description

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Related Weaknesses (CWE)

CWE-347

References

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html

FAQ

What is CVE-2024-36347?

CVE-2024-36347 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity o...

How severe is CVE-2024-36347?

CVE-2024-36347 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-36347?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.