Security Advisory

CVE-2024-36354

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-06 18:06:43

Last updated 2026-02-26 17:49:09

Assigner AMD

State PUBLISHED

Description

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level.

← Browse all CVEs View on cve.org ↗