Vulnerability Description
Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 (sleep) wake up, potentially resulting in arbitrary code execution.
Related Weaknesses (CWE)
References
- https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html
- https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4013.html
FAQ
What is CVE-2024-36355?
CVE-2024-36355 is a documented vulnerability. Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 (sleep) wake up, potentially resulting in arbitrary code execu...
How severe is CVE-2024-36355?
CVSS scoring is not yet available for CVE-2024-36355. Check NVD for updates.
Is there a patch for CVE-2024-36355?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.