CVE-2024-36347

medium

Description

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.

References

https://www.theregister.com/2025/04/08/patch_tuesday_microsoft/

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html

Details

Source: Mitre, NVD

Published: 2025-06-27

Updated: 2025-06-30

Risk Information

CVSS v2

Base Score: 5.9

Vector: CVSS2#AV:L/AC:H/Au:M/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 6.4

Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: Medium

EPSS

EPSS: 0.00013