CVE-2024-36347

NameCVE-2024-36347
DescriptionAMD CPU Microcode Signature Verification Vulnerability
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Notes

CVE-2024-36347 is unactionable by package amd64-microcode (cf. https://bugs.debian.org/1099830#26)
https://bugzilla.redhat.com/show_bug.cgi?id=2336412
https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html
https://www.openwall.com/lists/oss-security/2025/03/05/3
Kernel stop-gap mitigation: https://www.openwall.com/lists/oss-security/2025/03/06/3
https://git.kernel.org/linus/bb2281fb05e50108ce95c43ab7e701ee564565c8
Search for package or bug name: Reporting problems