AMD disclosed a security vulnerability, designated CVE-2024-36347 with a CVSS score of 6.4, affecting a broad range of processors. The flaw, discovered by Google researchers, is improper signature verification in AMD's CPU ROM microcode patch loader, which allows attackers with administrative privileges to load unauthorized microcode patches. The vulnerability has serious implications for system integrity and confidentiality, potentially resulting in compromised execution, data breaches, and threats to the System Management Mode (SMM) environment. While no real-world attacks have been reported, the theoretical impact could be severe, so timely firmware updates are needed to mitigate the risk.
Source: https://cybersecuritynews.com/amd-cpu-signature-verification-vulnerability/
"id": "AMD916041125",
"linkid": "AMD",
"type": "Vulnerability",
"date": "4/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"