Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level.
History

Sat, 06 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Description Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level.
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2025-09-06T18:06:43.084Z

Reserved: 2024-05-23T19:44:50.000Z

Link: CVE-2024-36354

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-09-06T18:15:40.297

Modified: 2025-09-06T18:15:40.297

Link: CVE-2024-36354

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.