CVE-2024-36347 is a medium-severity vulnerability due to improper signature verification in the AMD CPU ROM microcode patch loader. This vulnerability allows an attacker with local administrator privileges to load malicious microcode, which can potentially result in a loss of integrity of x86 instruction execution, as well as a loss of confidentiality and integrity of data in the x86 CPU privileged context. Furthermore, this could compromise the System Management Mode (SMM) execution environment.
The CVSS score for this vulnerability is 6.4, indicating a medium level of severity. The attack vector is local, the attacker needs high privileges, and no user interaction is necessary. The confidentiality, integrity, and availability impacts are each rated high. Organizations should be aware of the implications of this vulnerability, as it poses significant risks if exploited.
Currently, there is no known exploit available for this vulnerability, and it is classified as awaiting analysis. However, the risk to organizations includes the potential for an attacker to manipulate the CPU's execution environment, leading to severe data breaches and system integrity issues. Therefore, organizations should prioritize patching immediately.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
