Improper Input Validation in AMD Products
CVE-2024-36310

4.6MEDIUM

Key Information:

Vendor: Amd
Status: Amd Epyc™ 9004 Series Processors; Amd Epyc™ 9005 Series Processors; Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics; Amd Ryzen™ 7040 Series Mobile Processors With Radeon™ Graphics
Vendor: CVE Published:; 10 February 2026

What is CVE-2024-36310?

The vulnerability stems from improper input validation within the SMM (System Management Mode) communications buffer of affected AMD products. This flaw may enable an attacker with privileged access to execute out-of-bounds read or write operations to the SMRAM (System Management RAM), potentially compromising the confidentiality and integrity of sensitive data. It is essential for users to apply the recommended patches to mitigate this security risk effectively.

Affected Version(s)

AMD EPYC™ 9004 Series Processors GenoaPI 1.0.0.F

AMD EPYC™ 9005 Series Processors TurinPI 1.0.0.4

AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa") EmbGenoaPI-SP5 1.0.0.B

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2026
Vulnerability Reserved
May 23, 2024

CVE-2024-36310 Data

JSON

Amd

What is CVE-2024-36310?

Affected Version(s)

References

CVSS V4

Timeline