Improper CPU Cache Memory Initialization in AMD Products
CVE-2024-36331

3.2LOW

Key Information:

Vendor: Amd
Status: Amd Epyc™ 9004 Series Processors; Epyc™ Embedded 9004 Series Processors; Amd Epyc™ Embedded 9004 Series Processors
Vendor: CVE Published:; 6 September 2025

What is CVE-2024-36331?

An improper initialization of CPU cache memory in AMD SEV-SNP enables a privileged attacker with hypervisor access to potentially overwrite guest memory. This poses a significant risk to data integrity as it allows for unauthorized modification of sensitive information stored in guest virtual machines.

Affected Version(s)

AMD EPYC™ 9004 Series Processors GenoaPI_1.0.0.F

AMD EPYC™ Embedded 9004 Series Processors EmbGenoaPI-1.0.0.A

EPYC™ Embedded 9004 Series Processors EmbGenoaPI-1.0.0.A

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2025
Vulnerability Reserved
May 23, 2024

Amd

What is CVE-2024-36331?

Affected Version(s)

References

CVSS V3.1

Timeline