VYPR
High severity7.5NVD Advisory· Published Sep 6, 2025· Updated Apr 15, 2026

CVE-2024-36354

CVE-2024-36354

Description

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level.

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.