AMD OverDrive SMM OOB Read via Improper Input Validation
CVE-2024-36345 Published on May 15, 2026
Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality.
Weakness Type
Insufficient Protections on the Volatile Memory Containing Boot Code
The protections on the product's non-volatile memory containing boot code are insufficient to prevent the bypassing of secure boot or the execution of untrusted boot code chosen by an adversary.
Affected Versions
AMD EPYC™ 4004:
- Version ComboAM5PI 1.1.0.3d is unaffected.
- Version ComboAM5 1.2.0.3j is unaffected.
- Version RembrandtPI-FP7_1.0.0.Bg is unaffected.
- Version PhoenixPI-FP8-FP7_1.2.0.0f is unaffected.
- Version DragonRangeFL1_1.0.0.3l is unaffected.
- Version ComboAM5PI 1.0.0.e is unaffected.
- Version ComboAM5PI 1.1.0.3g is unaffected.
- Version ComboAM5PI 1.2.0.3j is unaffected.
- Version FireRangeFL1PI 1.0.0.0f is unaffected.
- Version StrixHaloPI-FP11_1.0.0.2b is unaffected.
- Version StrixKrackanPI-FP8_1.1.0.0f is unaffected.
- Version StrixKrackanPI-FP8_1.1.0.2e is unaffected.
- Version StormPeakPI-SP6 1.1.0.0k is unaffected.
- Version StormPeakPI-SP6 1.0.0.1m is unaffected.
- Version StormPeakPI-SP6 1.1.0.0k is unaffected.
- Version ComboAM5PI 1.1.0.3g is unaffected.
- Version ComboAM5PI 1.2.0.3j is unaffected.
- Version ComboAM5PI 1.2.0.3j is unaffected.
- Version ComboAM5PI 1.2.0.3j is unaffected.
- Version PhoenixPI-FP8-FP7_1.2.0.0f is unaffected.
- Version EmbeddedPhoenixPI-FP7r2_1.0.0.4 is unaffected.
- Version Embedded-PI_FP7r2 1012 is unaffected.
- Version EmbeddedAM5PI 1.0.0.7 is unaffected.
- Version EmbeddedAM5PI 1.0.0.7 is unaffected.