CVE-2024-36347
Linux Ubuntu vulnerability analysis and mitigation

Overview

A vulnerability has been identified in the AMD CPU ROM microcode patch loader (CVE-2024-36347) that involves improper signature verification. The vulnerability was disclosed on June 27, 2025, and affects AMD Ryzen™ Threadripper™ 3000 Series Processors (formerly codenamed 'Castle Peak' HEDT). This security flaw has been assigned a CVSS v3.1 base score of 6.4 (Medium) (NVD, AMD Bulletin).

Technical details

The vulnerability is classified as CWE-347 (Improper Verification of Cryptographic Signature). The technical assessment reveals that the flaw exists in the signature verification mechanism of the AMD CPU ROM microcode patch loader. The vulnerability has been assigned a CVSS v3.1 vector of CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements, high attack complexity, and high privileges needed for exploitation (NVD).

Impact

The exploitation of this vulnerability can lead to multiple severe consequences: loss of integrity in x86 instruction execution, compromise of confidentiality and integrity of data in x86 CPU privileged context, and potential compromise of the System Management Mode (SMM) execution environment (NVD).

This report was generated using AI
