ByteOS Network

CVE Vulnerability Details :

CVE-2024-36345

PUBLISHED

More Info Official Page

Assigner-AMD

Assigner Org ID-b58fc414-a1e4-4f92-9d70-1add41838648

Published At-15 May, 2026 | 01:42

Updated At-15 May, 2026 | 13:29

▼CVE Numbering Authority (CNA)

Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality.

Affected Products

Vendor

Advanced Micro Devices, Inc.

Product

AMD EPYC™ 4004

Default Status

affected

Versions

Unaffected

ComboAM5PI 1.1.0.3d

Vendor

Advanced Micro Devices, Inc.

Product

AMD EPYC™ 4005

Default Status

affected

Versions

Unaffected

ComboAM5 1.2.0.3j

Vendor

Advanced Micro Devices, Inc.

Product

AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics

Default Status

affected

Versions

Unaffected

RembrandtPI-FP7_1.0.0.Bg

Vendor

Advanced Micro Devices, Inc.

Product

AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics

Default Status

affected

Versions

Unaffected

PhoenixPI-FP8-FP7_1.2.0.0f

Vendor

Advanced Micro Devices, Inc.

Product

AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics

Default Status

affected

Versions

Unaffected

DragonRangeFL1_1.0.0.3l

Vendor

Advanced Micro Devices, Inc.

Product

AMD Ryzen™ 7000 Series Desktop Processors

Default Status

affected

Versions

Unaffected

ComboAM5PI 1.0.0.e
ComboAM5PI 1.1.0.3g
ComboAM5PI 1.2.0.3j

Vendor

Advanced Micro Devices, Inc.

Product

AMD Ryzen™ 9000HX Series Mobile Processors

Default Status

affected

Versions

Unaffected

FireRangeFL1PI 1.0.0.0f

Vendor

Advanced Micro Devices, Inc.

Product

AMD Ryzen™ AI MAX

Default Status

affected

Versions

Unaffected

StrixHaloPI-FP11_1.0.0.2b

Vendor

Advanced Micro Devices, Inc.

Product

AMD Ryzen™ AI 300 Series Processors

Default Status

affected

Versions

Unaffected

StrixKrackanPI-FP8_1.1.0.0f
StrixKrackanPI-FP8_1.1.0.2e

Vendor

Advanced Micro Devices, Inc.

Product

AMD Ryzen™ Threadripper™ 7000 Processors

Default Status

affected

Versions

Unaffected

StormPeakPI-SP6 1.1.0.0k

Vendor

Advanced Micro Devices, Inc.

Product

AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors

Default Status

affected

Versions

Unaffected

StormPeakPI-SP6 1.0.0.1m
StormPeakPI-SP6 1.1.0.0k

Vendor

Advanced Micro Devices, Inc.

Product

AMD Ryzen™ 8000 Series Desktop Processors

Default Status

affected

Versions

Unaffected

ComboAM5PI 1.1.0.3g
ComboAM5PI 1.2.0.3j

Vendor

Advanced Micro Devices, Inc.

Product

AMD Ryzen™ 9000 Series Desktop Processors

Default Status

affected

Versions

Unaffected

ComboAM5PI 1.2.0.3j

Vendor

Advanced Micro Devices, Inc.

Product

AMD Ryzen™ 9000 Series Desktop Processors

Default Status

affected

Versions

Unaffected

ComboAM5PI 1.2.0.3j

Vendor

Advanced Micro Devices, Inc.

Product

AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics

Default Status

affected

Versions

Unaffected

PhoenixPI-FP8-FP7_1.2.0.0f

Vendor

Advanced Micro Devices, Inc.

Product

AMD Ryzen™ Embedded 8000 Series Processors

Default Status

affected

Versions

Unaffected

EmbeddedPhoenixPI-FP7r2_1.0.0.4

Vendor

Advanced Micro Devices, Inc.

Product

AMD Ryzen™ Embedded V3000 Series Processors

Default Status

affected

Versions

Unaffected

Embedded-PI_FP7r2 1012

Vendor

Advanced Micro Devices, Inc.

Product

AMD Ryzen™ Embedded 7000 Series Processors

Default Status

affected

Versions

Unaffected

EmbeddedAM5PI 1.0.0.7

Vendor

Advanced Micro Devices, Inc.

Product

AMD Ryzen™ Embedded 9000 Series Processors

Default Status

affected

Versions

Unaffected

EmbeddedAM5PI 1.0.0.7

Problem Types

Type	CWE ID	Description
CWE	CWE-1274	CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code

Type: CWE

CWE ID: CWE-1274

Description: CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code

Metrics

Version	Base score	Base severity	Vector
4.0	4.6	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Version: 4.0

Base score: 4.6

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

References

Hyperlink	Resource
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html	N/A
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html	N/A

Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html

Resource: N/A

Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Unaffected

Unaffected

Unaffected

Unaffected

Unaffected

Unaffected

Unaffected

Unaffected

Unaffected

Unaffected

Unaffected

Unaffected

Unaffected

Unaffected

Unaffected

Unaffected

Unaffected

Unaffected

Unaffected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References