CVE-2024-36347

{"id": "CVE-2024-36347", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@amd.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.5}]}, "published": "2025-06-27T23:15:26.037", "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html", "source": "psirt@amd.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@amd.com", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment."}, {"lang": "es", "value": "La verificaci\u00f3n de firma incorrecta en AMD CPU ROM microcode patch loader puede permitir que un atacante con privilegios de administrador local cargue microc\u00f3digo malicioso, lo que podr\u00eda resultar en la p\u00e9rdida de integridad de la ejecuci\u00f3n de instrucciones x86, p\u00e9rdida de confidencialidad e integridad de los datos en el contexto privilegiado de la CPU x86 y compromiso del entorno de ejecuci\u00f3n de SMM."}], "lastModified": "2025-06-30T18:38:23.493", "sourceIdentifier": "psirt@amd.com"}