Improper Input Validation in AMD OverDrive System Management Mode
CVE-2024-36345

4.6MEDIUM

Key Information:

Vendor: Amd
Status: Amd Epyc™ 4004; Amd Epyc™ 4005; Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics; Amd Ryzen™ 7040 Series Mobile Processors With Radeon™ Graphics
Vendor: CVE Published:; 15 May 2026

What is CVE-2024-36345?

An issue has been discovered in the AMD OverDrive System Management Mode (SMM) module where improper input validation can allow a privileged attacker to perform out-of-bounds read operations. This vulnerability poses a risk to the confidentiality of the system, potentially exposing sensitive information.

Affected Version(s)

AMD EPYC™ 4004 ComboAM5PI 1.1.0.3d

AMD EPYC™ 4005 ComboAM5 1.2.0.3j

AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics RembrandtPI-FP7_1.0.0.Bg

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2026
Vulnerability Reserved
May 23, 2024

CVE-2024-36345 Data

JSON

Amd

What is CVE-2024-36345?

Affected Version(s)

References

CVSS V4

Timeline