Improper Input Validation in AMD System Management Mode Communications
CVE-2024-36343

4.6MEDIUM

Key Information:

Vendor: Amd
Status: Amd Epyc™ 4004; Amd Epyc™ 4005; Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics; Amd Ryzen™ 7040 Series Mobile Processors With Radeon™ Graphics
Vendor: CVE Published:; 19 May 2026

What is CVE-2024-36343?

An improper input validation vulnerability exists in the System Management Mode (SMM) communications buffer within AMD processors. This flaw could enable a privileged attacker to execute out-of-bounds read or write operations within the Top of Memory Segment (TSEG) memory region. Such exploitation may lead to significant risks, compromising both confidentiality and integrity of the system's sensitive information.

Affected Version(s)

AMD EPYC™ 4004 ComboAM5PI 1.1.0.3d

AMD EPYC™ 4005 ComboAM5 1.2.0.3j

AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics RembrandtPI-FP7_1.0.0.Bg

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
May 23, 2024

CVE-2024-36343 Data

JSON

Amd

What is CVE-2024-36343?

Affected Version(s)

References

CVSS V4

Timeline