Improper Input Validation in DIMM SPD Metadata for AMD Products
CVE-2024-36354

7.5HIGH

Key Information:

Vendor

Amd
Status
Amd Ryzen™ Threadripper™ 3000 Processors
Amd Ryzen™ Threadripper™ Pro 5000 Wx-series Processors
Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics
Amd Ryzen™ Threadripper™ Pro 3000 Wx-series Processors
Vendor
CVE Published:
6 September 2025

What is CVE-2024-36354?

A vulnerability has been identified in AMD DIMM products where improper input validation for the DIMM Serial Presence Detect (SPD) metadata can be exploited. An attacker with physical access or control over the Root of Trust for BIOS updates could potentially bypass System Management Mode (SMM) isolation. This could lead to unauthorized access and arbitrary code execution at the SMM level, raising significant security concerns for users and systems utilizing affected AMD processor families.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics ComboAM4PI_1.0.0.C

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics PicassoPI-FP5_1.0.1.2a

AMD EPYC™ 4004 Series Processors ComboAM5PI_1.2.0.2a

References

https://www.amd.com/en/resources/product-security/bulleti...
https://www.amd.com/en/resources/product-security/bulleti...
https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.