#VU109619 Improper Verification of Cryptographic Signature in AMD products - CVE-2024-36347
Published: May 21, 2025
Vulnerability identifier: #VU109619
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-36347
CWE-ID: CWE-347
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
AMD EPYC 7001 Processors
AMD EPYC Embedded 7002
AMD EPYC Embedded 7003
AMD EPYC Embedded 9004
AMD Ryzen 5000 Series Desktop processor
AMD Ryzen 3000 Series Desktop processor
AMD Ryzen 7000 Series Desktop Processors
AMD Ryzen 8000 Series Processors with Radeon Graphics
AMD Ryzen 4000 Series Desktop processors with Radeon graphics
AMD Ryzen Threadripper 3000 Series Processors
AMD Ryzen Threadripper 7000 Series Processors
AMD Ryzen Threadripper PRO 3000WX Series Processors
AMD EPYC 7001 Processors
AMD EPYC Embedded 7002
AMD EPYC Embedded 7003
AMD EPYC Embedded 9004
AMD Ryzen 5000 Series Desktop processor
AMD Ryzen 3000 Series Desktop processor
AMD Ryzen 7000 Series Desktop Processors
AMD Ryzen 8000 Series Processors with Radeon Graphics
AMD Ryzen 4000 Series Desktop processors with Radeon graphics
AMD Ryzen Threadripper 3000 Series Processors
AMD Ryzen Threadripper 7000 Series Processors
AMD Ryzen Threadripper PRO 3000WX Series Processors
Software vendor:
AMD
AMD
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper signature verification of x86 instruction execution. A local privileged user can load malicious microcode and execute it on the system.
Remediation
Install updates from vendor's website.