| Name | CVE-2024-36347 |
| Description | Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
CVE-2024-36347 is unactionable by package amd64-microcode (cf. https://bugs.debian.org/1099830#26)
https://bugzilla.redhat.com/show_bug.cgi?id=2336412
https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html
https://www.openwall.com/lists/oss-security/2025/03/05/3
Kernel stop-gap mitigation: https://www.openwall.com/lists/oss-security/2025/03/06/3
https://git.kernel.org/linus/bb2281fb05e50108ce95c43ab7e701ee564565c8
https://www.openwall.com/lists/oss-security/2025/11/01/1