AMD Client Vulnerabilities – August 2025
Summary
Potential vulnerabilities in AMD Client Processor platforms that affect SMM, ASP, and other platform components, were found during audits performed internally and by third parties.
CVE Details
Refer to Glossary for explanation of terms
CVE |
CVE Description |
CVSS Score |
CVE-2024-36326 |
Missing authorization in AMD Rom Armor could allow an attacker to bypass ROM Armor protections during system resume from a standby state, potentially resulting in a loss of confidentiality and integrity. |
8.4 (High) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 8.4 (High) CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
CVE-2021-26383 |
Insufficient bounds checking in AMD Trusted Execution Environment (TEE) could allow an attacker with a compromised userspace to invoke a command with malformed arguments, leading to out of bounds memory access, potentially resulting in loss of integrity or availability. |
7.9 (High) CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H 6.8 Medium CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N |
CVE-2024-21947 |
Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory, potentially resulting in arbitrary code execution at the SMM level. |
7.5 (High) CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 7.1 (High) CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
CVE-2023-31325 |
Improper isolation of shared resources on System-on-a-chip (SOC) could allow a privileged attacker to tamper with the contents of the PSP reserved DRAM region, potentially resulting in loss of confidentiality and integrity. |
7.2 (High) CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N 7.0 (High) CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
CVE-2025-0032 |
Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction execution. |
7.2 (High) CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N 7.0 (High) CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
CVE-2024-36354 |
Improper input validation in the boot loader could allow a privileged attacker to modify serial presence detect (SPD) metadata, potentially resulting in loss of integrity. |
5.3 (Medium) CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 7.2 (High) CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
CVE-2023-20572 |
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity. |
5.3 (Medium) CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.6 (Medium) CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
CVE-2021-46757 |
Failure to validate the integrity of firmware images read from SPI flash from the bootloader may allow an attacker to perform out-of-bounds memory reads, leading to a denial of service. |
4.7 (Medium) CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H 5.6 (Medium) CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N |
|
Improper validation of an array index in the AMD Power Management Firmware could allow a privileged attacker to corrupt AGESA™ memory, potentially leading to a loss of integrity. |
4.4 (Medium) CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 6.7 (Medium) CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
CVE-2021-26377 |
Insufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigger an integer overflow, leading to a potential denial of service. |
4.1 (Medium) CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 5.6 (Medium) CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
CVE-2024-21977 |
Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests. |
3.2 (Low) CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N 4.6 (Medium) CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
CVE-2021-46750 |
Failure to validate the address and size in Trusted Execution Environment (TEE) may allow a malicious x86 attacker to send malformed messages to the graphics mailbox, resulting in an overlap of a Trusted Memory Region (TMR) that was previously allocated by the ASP bootloader, leading to a potential loss of integrity. |
3.0 (Low) CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N 1.8 (Low) CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
CVE-2023-31326 |
Use of an uninitialized variable in the ASP could allow an attacker to access leftover data from a Trusted Execution Environment (TEE) driver, potentially leading to loss of confidentiality. |
2.8 (Low) CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N 2 (Low) CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
CVE-2023-31330 |
An out-of-bounds read in the ASP could allow a privileged attacker with access to a malicious bootloader to potentially read sensitive memory resulting in loss of confidentiality. |
2.5 (Low) CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 1.8 (Low) CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
CVE-2023-20540 |
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity. |
2.5 (Low) CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N 1.8 (Low) CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
Affected Products and Mitigation
AMD recommends updating to the Platform Initialization (PI) firmware version indicated below (note the PI firmware versions were released by AMD to the Original Equipment Manufacturers (OEM) on the dates listed below). Please contact your OEM for the BIOS update specific to your product(s).
*Note: Products believed to not be affected by the listed CVEs are not included.
AMD™ Athlon Mobile Processors
Program |
Former Codename |
CVE |
Fix Version |
Date Fix Released |
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics |
"Dali" |
CVE-2021-26377 |
PicassoPI-FP5 1.0.0.E |
2022-07-29 |
CVE-2024-36354 |
PicassoPI-FP5 1.0.1.2a |
2024-10-11 |
||
CVE-2024-21970 |
Picasso-FP5 1.0.1.2 |
2024-08-06 |
||
CVE-2023-20572 CVE-2023-31330 |
Picasso-FP5 1.0.1.1 |
2024-03-07 |
||
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics |
"Picasso" |
CVE-2021-46750 CVE-2021-26377 |
PicassoPI-FP5 1.0.0.E |
2022-07-29 |
CVE-2024-36354 |
PicassoPI-FP5 1.0.1.2a |
2024-10-11 |
||
CVE-2024-21970 |
Picasso-FP5 1.0.1.2 |
2024-08-06 |
||
CVE-2023-20572 CVE-2023-31330 |
Picasso-FP5 1.0.1.1 |
2024-03-07 |
||
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics |
"Pollock" |
CVE-2024-36354 |
PollockPI-FT5 1.0.0.8a |
2024-10-11 |
CVE-2024-21970 |
PollockPI-FT5 1.0.0.8 |
2024-08-06 |
||
CVE-2023-20572 |
Pollock-FT5 1.0.0.7 |
2024-01-16 |
||
CVE-2021-26377 |
PollockPI-FT5 1.0.0.4 |
2022-06-29 |
AMD Ryzen™ Mobile Processors
Program |
Former Codename |
CVE |
Fix Version |
Date Fix Released |
AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics |
"Barcelo" |
CVE-2023-31330 CVE-2024-36354 |
Cezanne-FP6 1.0.1.1a |
2024-10-31 |
CVE-2024-21970 CVE-2024-21977 |
CezannePI-FP6 1.0.1.1 |
2024-07-31 |
||
CVE-2023-20572 CVE-2023-31326 CVE-2024-21947 |
Cezanne-FP6 1.0.1.0 |
2024-01-25 |
||
CVE-2021-26377 |
CezannePI-FP6 1.0.0.8 |
2021-12-08 |
||
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics |
"Cezanne" |
CVE-2023-31330 CVE-2024-36354 |
1.0.1.1a |
2024-10-31 |
CVE-2024-21970 CVE-2024-21977 |
CezannePI-FP6 1.0.1.1 |
2024-07-31 |
||
CVE-2023-20572 CVE-2023-31326 CVE-2024-21947 |
Cezanne-FP6 1.0.1.0 |
2024-01-25 |
||
CVE-2021-26377 CVE-2021-46750 CVE-2021-46757 |
CezannePI-FP6 1.0.0.8 |
2021-12-08 |
||
CVE-2021-26383 |
CezannePI-FP6 1.0.0.6 |
2021-09-15 |
||
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics |
"Lucienne" |
CVE-2023-31330 CVE-2024-36354 |
1.0.1.1a |
2024-10-31 |
CVE-2024-21970 CVE-2024-21977 |
CezannePI-FP6 1.0.1.1 |
2024-07-31 |
||
CVE-2023-20572 CVE-2023-31326 CVE-2024-21947 |
Cezanne-FP6 1.0.1.0 |
2024-01-25 |
||
CVE-2021-26377 CVE-2021-46750 CVE-2021-46757 |
CezannePI-FP6 1.0.0.8 |
2021-12-08 |
||
CVE-2021-26383 |
CezannePI-FP6 1.0.0.6 |
2021-09-15 |
||
AMD Ryzen™ 7030 Series Mobile processors with Radeon™ Graphics |
"Barcelo R" |
CVE-2023-31330 CVE-2024-36354 |
Cezanne-FP6 1.0.1.1a |
2024-10-31 |
CVE-2024-21970 CVE-2024-21977 |
CezannePI-FP6 1.0.1.1 |
2024-07-31 |
||
CVE-2023-20572 CVE-2023-31326 CVE-2024-21947 |
Cezanne-FP6 1.0.1.0 |
2024-01-25 |
||
CVE-2021-26377 |
CezannePI-FP6 1.0.0.8 |
2021-12-08 |
||
AMD Ryzen™ 2000 Series Mobile Processors |
“Raven Ridge” |
CVE-2021-26377 CVE-2021-46750 |
Raven-FP5-AM4 1.1.0.F PinnaclePI-AM4 1.0.0.D ComboAM4PI 1.0.0.9 ComboAM4v2 PI 1.2.0.8 |
2022-07-29 |
AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics |
"Renoir" |
CVE-2023-31330 CVE-2024-36354 |
Renoir-FP6 1.0.0.Ea |
2024-09-19 |
CVE-2024-21970 |
RenoirPI-FP6 1.0.0.E |
2024-08-07 |
||
CVE-2023-20572 CVE-2023-31326 CVE-2024-21947 |
Renoir-FP6 1.0.0.D |
2024-02-29 |
||
CVE-2021-26377 CVE-2021-46750 CVE-2021-46757 |
RenoirPI-FP6 1.0.0.8 |
2022-01-19 |
||
CVE-2021-26383 |
RenoirPI-FP6 1.0.0.7 |
2021-11-20 |
||
AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics |
"Rembrandt" |
CVE-2024-36354 |
RembrandtPI-FP7 1.0.0.Ba |
2024-09-11 |
CVE-2024-21970 CVE-2024-21977 |
RembrandtPI-FP7 1.0.0.B |
2024-07-03 |
||
CVE-2023-20572 CVE-2023-31326 CVE-2023-31330 CVE-2024-21947 |
Rembrandt-FP7 1.0.0.A |
2023-12-28 |
||
AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics |
"Mendocino" |
CVE-2023-20572 CVE-2023-31326 CVE-2023-31330 CVE-2024-21947 CVE-2024-21970 |
MendocinoPI-FT6 1.0.0.6 |
2024-01-03 |
AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics |
"Phoenix" |
CVE-2024-36326 CVE-2024-36354 |
PhoenixPI-FP8-FP7 1.1.8.0 |
2023-12-21 |
CVE-2024-21977 |
PhoenixPI-FP8-FP7 1.1.0.3 |
2024-09-20 |
||
CVE-2023-31326 CVE-2024-21947 |
PhoenixPI-FP8-FP7 1.1.0.2 |
2023-12-18 |
||
CVE-2023-31330 |
PhoenixPI-FP8-FP7 1.1.0.1b |
2023-12-08 |
||
CVE-2023-31325 |
PhoenixPI-FP8-FP7 1.1.0.0 |
2023-10-06 |
||
AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics |
“Hawk Point” |
CVE-2024-21977 |
PhoenixPI-FP8-FP7 1.1.0.3 |
2024-09-20 |
AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics |
|
CVE-2024-36354 |
DragonRangeFL1 1.0.0.3f |
2024-10-25 |
CVE-2024-21977 |
DragonRangeFL1PI 1.0.0.3e |
2024-07-31 |
||
CVE-2024-21947 CVE-2024-21970 |
DragonRangeFL1PI 1.0.0.3D |
2024-01-02 |
||
CVE-2023-31330 |
DragonRangeFL1PI 1.0.0.3C |
2024-01-29 |
||
AMD Ryzen™ AI 300 Series |
"StrixKrackan" |
CVE-2024-36326 |
StrixKrackanPI-FP8 1.1.0.0 |
2024-12-16 |
AMD Ryzen™ Desktop Processors
Program |
Former Codename |
CVE |
Fix Version |
Date Fix Released |
AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics |
"Picasso" |
CVE-2021-26377 CVE-2021-46750 |
ComboAM4v2 PI 1.2.0.8 |
2022-07-29 |
CVE-2024-21947 |
ComboAM4v2PI 1.2.0.CA |
2024-03-14 |
||
CVE-2024-21970 CVE-2024-36354 |
ComboAM4v2PI 1.2.0.D |
2024-11-07 |
||
CVE-2024-36354 |
ComboAM4PI 1.0.0.C |
2024-10-17 |
||
CVE-2023-20572 |
ComboAM4v2PI 1.2.0.CA |
2024-03-14 |
||
CVE-2024-21947 |
ComboAM4 1.0.0.B |
2024-03-20 |
||
CVE-2021-26377 CVE-2021-46750 |
ComboAM4PI 1.0.0.9 |
2022-07-29 |
||
CVE-2024-21970 |
ComboAM4v2PI 1.2.0.D |
2024-11-07 |
||
CVE-2023-31330 |
ComboAM4v2PI 1.2.0.CA |
2024-03-14 |
||
AMD Ryzen™ 5000 Series Desktop Processors |
"Cezanne" |
CVE-2024-21970 CVE-2024-36354 |
ComboAM4v2PI 1.2.0.D |
2024-11-07 |
CVE-2023-20572 CVE-2023-31326 CVE-2023-31330 CVE-2024-21947 |
ComboAM4v2PI 1.2.0.CA |
2024-03-14 |
||
CVE-2021-26377 CVE-2021-26383 CVE-2021-46750 CVE-2021-46757 |
ComboAM4v2 PI 1.2.0.5 |
2021-12-08 |
||
AMD Ryzen™ 3000 Series Desktop Processors |
"Matisse" |
CVE-2021-26377 |
ComboAM4PI 1.0.0.9 |
2022-07-29 |
CVE-2021-26377 |
ComboAM4 V2 PI 1.2.0.8 |
2022-07-29 |
||
CVE-2024-21970 CVE-2024-36354 |
ComboAM4v2PI 1.2.0.D |
2024-11-07 |
||
CVE-2021-46757 |
ComboAM4 V2 PI 1.2.0.6 |
2022-01-07 |
||
CVE-2023-20540 CVE-2023-31330 |
ComboAM4 1.0.0.E |
2025-02-28 |
||
CVE-2024-36354 |
ComboAM4PI 1.0.0.C |
2024-10-17 |
||
CVE-2023-20540 CVE-2023-20572 CVE-2023-31330 CVE-2024-21947 |
ComboAM4v2PI 1.2.0.CA |
2024-03-14 |
||
CVE-2024-21947 |
ComboAM4 1.0.0.B |
2024-03-20 |
||
CVE-2024-21970 CVE-2023-20572 |
ComboAM4PI 1.0.0.F |
2025-04-15 |
||
AMD Ryzen™ 4000 Series Desktop Processors |
"Renoir" |
CVE-2024-21970 CVE-2024-36354 |
ComboAM4v2PI 1.2.0.D |
2024-11-07 |
CVE-2023-20572 CVE-2023-31326 CVE-2023-31330 CVE-2024-21947 |
ComboAM4v2PI 1.2.0.CA |
2024-03-14 |
||
CVE-2021-26377 CVE-2021-26383 CVE-2021-46750 CVE-2021-46757 |
ComboAM4v2 PI 1.2.0.5 |
2022-01-19 |
||
AMD Ryzen™ 5000 Series Desktop Processors |
"Vermeer" |
CVE-2024-21970 CVE-2024-36354 |
ComboAM4v2PI 1.2.0.D |
2024-11-07 |
CVE-2024-21977 |
ComboAM4v2 1.2.0.Cb |
2024-07-30 |
||
CVE-2023-20540 CVE-2023-20572 CVE-2023-31330 CVE-2024-21947 |
ComboAM4v2PI 1.2.0.CA |
2024-03-14 |
||
CVE-2021-26377 |
ComboAM4 V2 PI 1.2.0.8 |
2022-07-29 |
||
CVE-2021-46757 |
ComboAM4 V2 PI 1.2.0.6 |
2022-01-07 |
||
AMD Ryzen™ 8000 Series Desktop Processors |
"Phoenix" |
CVE-2024-36354 |
ComboAM5PI 1.2.0.2a |
2024-10-05 |
CVE-2024-21977 |
ComboAM5 1.2.0.1 |
2024-08-07 |
||
CVE-2024-21947 CVE-2024-21970 |
ComboAM5 1.2.0.0 |
2024-06-13 |
||
CVE-2023-31330 |
ComboAM5 1.1.0.2 |
2024-01-09 |
||
CVE-2023-31325 |
ComboAM5 1.1.0.1 |
2023-11-23 |
||
CVE-2023-20572 |
ComboAM5 1.0.0.7a |
2023-05-05 |
||
AMD Ryzen™ 7000 Series Desktop Processors |
"Raphael" |
CVE-2024-36354 |
ComboAM5PI 1.2.0.2a |
2024-10-05 |
CVE-2024-21977 |
ComboAM5 1.2.0.1 |
2024-08-07 |
||
CVE-2024-21947 CVE-2024-21970 |
ComboAM5 1.2.0.0 |
2024-06-13 |
||
CVE-2023-31330 |
ComboAM5 1.1.0.2 |
2024-01-09 |
||
CVE-2023-20572 |
ComboAM5 1.0.0.7a |
2023-05-05 |
AMD Ryzen™ Threadripper Processors
Program |
Former Codename |
CVE |
Fix Version |
Date Fix Released |
AMD Ryzen™ Threadripper™ 3000 Series Processors |
"CastlePeak" |
CVE-2024-36354 |
CastlePeakPI-SP3r3 1.0.0.D |
2024-11-14 |
CVE-2023-20540 CVE-2023-20572 CVE-2023-31330 CVE-2024-21947 CVE-2024-21970 |
CastlePeakPI-SP3r3 1.0.0.C |
2024-09-03 |
||
CVE-2021-26377 |
CastlePeakPI-SP3r3 1.0.0.7 |
2022-01-28 |
||
AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors |
"CastlePeak" |
CVE-2024-36354 |
CastlePeakWSPI-sWRX8 1.0.0.F |
2024-11-14 |
CVE-2023-20540 CVE-2023-31330 CVE-2024-21947 CVE-2024-21970 CVE-2023-20572 |
CastlePeakWSPI-sWRX8 1.0.0.E |
2024-09-03 |
||
CVE-2021-26377 |
CastlePeakWSPI-sWRX8 1.0.0.9 |
2022-01-20 |
||
AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors |
"Chagall" |
CVE-2024-36354 |
ChagallWSPI-sWRX8 1.0.0.A |
2024-11-20 |
CVE-2023-20540 CVE-2023-20572 CVE-2023-31330 CVE-2024-21970 |
ChagallWSPI-sWRX8 1.0.0.9 |
2024-09-18 |
||
CVE-2024-21977 |
ChagallWSPI-sWRX8 1.0.0.8 |
2024-07-23 |
||
CVE-2024-21947 |
ChagallWSPI-sWRX8 1.0.0.7 |
2024-01-12 |
||
CVE-2021-26377 CVE-2021-46757 |
ChagallWSPI-sWRX8 1.0.0.2 |
2022-01-07 |
||
AMD Ryzen™ Threadripper™ 7000 Processors |
"Storm Peak" |
CVE-2023-20572 CVE-2023-31330 |
StormPeakPI-SP6 1.1.0.0c |
2023-12-18 |
AMD Ryzen™ Threadripper™ PRO 7000WX-Series Processors |
"Storm Peak" |
CVE-2023-20572 CVE-2023-31330 |
StormPeakPI-SP6 1.0.0.1e |
2023-12-18 |
Acknowledgement
AMD thanks researcher “vul_pwner” for participating in the AMD Bug Bounty Program: CVE-2024-21947
Internally found:
CVE-2021-26377, CVE-2021-26383, CVE-2021-46750, CVE-2021-46757, CVE-2023-20540, CVE-2023-20572, CVE-2023-31325, CVE-2023-31326, CVE-2023-31330, CVE-2024-21970, CVE-2024-21977, CVE-2024-36326, CVE-2024-36354, CVE-2025-0032
AMD thanks the following for subsequently reporting CVE-2024-36354 and engaging in coordinated vulnerability disclosure:
Jesse De Meulemeester (COSIC, KU Leuven)
Luca Wilke (University of Lubeck)
Lukas Gerlach (CISPA Helmholtz Center for Information Security)
David Oswald (University of Birmingham)
Jo Van Bulck (DistriNet, KU Leuven)
Revisions
| Revision Date | Description |
| 2025-08-12 | Initial publication |
DISCLAIMER
The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. Any computer system has risks of security vulnerabilities that cannot be completely prevented or mitigated. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD’s products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale.
AMD, the AMD Arrow logo, AGESA, Athlon, Radeon, Ryzen, Threadripper and combinations thereof are trademarks of Advanced Micro Devices, Inc. CVE and the CVE logo are registered trademarks of The MITRE Corporation. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.
Third party content may be licensed to you directly by the third party that owns the content and is not licensed to you by AMD. ALL LINKED THIRD-PARTY CONTENT IS PROVIDED ‘AS IS’ WITHOUT A WARRANTY OF ANY KIND. USE OF SUCH THIRD-PARTY CONTENT IS DONE AT YOUR SOLE DISCRETION AND UNDER NO CIRCUMSTANCES WILL AMD BE LIABLE TO YOU FOR ANY THIRD PARTY CONTENT. YOU ASSUME ALL RISK AND ARE SOLELY RESPONSIBILITY FOR ANY DAMAGES THAT MAY ARISE FROM YOUR USE OF THIRD-PARTY CONTENT.
© 2025 Advanced Micro Devices, Inc. All rights reserved.