CVE-2024-36343

Published: May 19, 2026

Modified: May 20, 2026

PUBLISHED

Description

Improper input validation in the System Management Mode (SMM) communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of Memory Segment (TSEG) memory region, potentially resulting in loss of confidentiality or integrity.

Vendor	Product	Versions
AMD	AMD EPYC™ 4004	unaffected `ComboAM5PI 1.1.0.3d`
AMD	AMD EPYC™ 4005	unaffected `ComboAM5 1.2.0.3j`
AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics	unaffected `RembrandtPI-FP7_1.0.0.Bg`
AMD	AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics	unaffected `PhoenixPI-FP8-FP7_1.2.0.0f`
AMD	AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics	unaffected `DragonRangeFL1_1.0.0.3l`
AMD	AMD Ryzen™ 7000 Series Desktop Processors	unaffected `ComboAM5-PI_1.0.0.e` unaffected `ComboAM5PI 1.1.0.3g` unaffected `ComboAM5 1.2.0.3j`
AMD	AMD Ryzen™ 9000HX Series Mobile Processors	unaffected `FireRangeFL1PI 1.0.0.0f`
AMD	AMD Ryzen™ AI MAX	unaffected `StrixHaloPI-FP11_1.0.0.2b`
AMD	AMD Ryzen™ AI 300 Series Processors	unaffected `StrixKrackanPI-FP8_1.1.0.0f` unaffected `StrixKrackanPI-FP8_1.1.0.2e`
AMD	AMD Ryzen™ Threadripper™ 7000 Processors	unaffected `StormPeakPI-SP6 1.1.0.0k`
AMD	AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors	unaffected `StormPeakPI-SP6 1.0.0.1m` unaffected `StormPeakPI-SP6_1.1.0.0k`
AMD	AMD Ryzen™ 8000 Series Desktop Processors	unaffected `ComboAM5PI 1.1.0.3g`
AMD	AMD Ryzen™ 8000 Series Desktop Processors	unaffected `ComboAM5 1.2.0.3j`
AMD	AMD Ryzen™ 9000 Series Desktop Processors	unaffected `ComboAM5 1.2.0.3j`
AMD	AMD Ryzen™ 9000 Series Desktop Processors	unaffected `ComboAM5 1.2.0.3j`
AMD	AMD Ryzen™ Embedded V3000 Series Processors	unaffected `Embedded-PI_FP7r2 100F`
AMD	AMD Ryzen™ Embedded 7000 Series Processors	unaffected `EmbeddedAM5PI 1.0.0.5`
AMD	AMD Ryzen™ Embedded 8000 Series Processors	unaffected `EmbeddedPhoenixPI-FP7r2_1.0.0.4`
AMD	AMD Ryzen™ Embedded 9000 Series Processors	unaffected `EmbeddedAM5PI 1.0.0.7`

Weaknesses (CWE)

CWE-124

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-36343

Description

Affected Products

Weaknesses (CWE)

References