CVE-2024-36345 Overview
CVE-2024-36345 affects the AMD OverDrive (AOD) System Management Mode (SMM) module. The vulnerability stems from improper input validation that allows a privileged attacker to trigger an out-of-bounds read. Successful exploitation can disclose data from SMM memory, resulting in loss of confidentiality.
The flaw maps to CWE-1274: Improper Access Control for Volatile Memory Containing Boot Code. Exploitation requires local access and high privileges, which limits opportunistic attacks but remains relevant for post-compromise scenarios where attackers seek firmware-level information disclosure.
Critical Impact
A local attacker with high privileges can read memory outside intended bounds within the SMM context, potentially exposing sensitive system data handled at the firmware layer.
Affected Products
- AMD OverDrive (AOD) System Management Mode (SMM) module
- Refer to AMD Security Bulletin #3030 for the list of impacted processor families
- Refer to AMD Security Bulletin #4017 for additional affected platforms
Discovery Timeline
- 2026-05-15 - CVE-2024-36345 published to NVD
- 2026-05-15 - Last updated in NVD database
Technical Details for CVE-2024-36345
Vulnerability Analysis
The vulnerability resides in the AMD OverDrive (AOD) SMM module, a firmware component executing in System Management Mode. SMM runs at a higher privilege level than the operating system kernel and operates in System Management RAM (SMRAM), which is normally isolated from OS visibility.
The AOD SMM handler fails to properly validate input parameters supplied to it. When an attacker invokes the handler with crafted inputs, the module reads memory beyond the intended buffer boundary. The attacker can then retrieve the disclosed data through the SMM communication interface.
Because SMM operates with full access to physical memory and platform resources, an out-of-bounds read at this layer can expose data that is otherwise inaccessible from ring 0. The impact is limited to confidentiality loss, with no integrity or availability degradation reported.
Root Cause
The root cause is missing or insufficient bounds checking on attacker-controlled values that drive read operations inside the AOD SMM handler. The handler trusts caller-supplied offsets or lengths without verifying that resulting memory accesses remain within the intended buffer.
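The class of bug described above, as an added example that is not AMD's code and is not taken from the bulletins: a hypothetical handler that copies from an internal table into a reply buffer, with the unchecked read shown beside a bounds-checked version. The `comm_req_t` layout, the buffer sizes and the function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout for illustration; NOT AMD's AOD interface. */
#define TABLE_SIZE 64u   /* size of the buffer the handler may read */
#define OUT_MAX    32u   /* size of the reply area */

typedef struct {
    uint32_t offset;         /* caller-controlled */
    uint32_t length;         /* caller-controlled */
    uint8_t  out[OUT_MAX];   /* data handed back to the caller */
} comm_req_t;

enum { REQ_OK = 0, REQ_INVALID = -1 };

static uint8_t smm_table[TABLE_SIZE];   /* stands in for the intended buffer */

/* Unchecked pattern: offset and length are trusted, so the read can leave
   smm_table (and the write can leave out[]). Shown only for contrast. */
int handle_unchecked(comm_req_t *req) {
    memcpy(req->out, smm_table + req->offset, req->length);
    return REQ_OK;
}

/* Hardened pattern: read each field once, validate, then copy. */
int handle_checked(comm_req_t *req) {
    uint32_t off = *(volatile uint32_t *)&req->offset;  /* single read, so the */
    uint32_t len = *(volatile uint32_t *)&req->length;  /* value checked is used */
    if (len > OUT_MAX)          return REQ_INVALID;  /* reply area bound */
    if (off > TABLE_SIZE)       return REQ_INVALID;  /* start inside table */
    if (len > TABLE_SIZE - off) return REQ_INVALID;  /* no off+len wraparound */
    memcpy(req->out, smm_table + off, len);
    return REQ_OK;
}

int main(void) {
    comm_req_t in_range = { .offset = 60, .length = 4 };
    comm_req_t too_long = { .offset = 60, .length = 5 };
    comm_req_t wrapping = { .offset = 0xFFFFFFF0u, .length = 0x20 };
    printf("in range: %d\n", handle_checked(&in_range));
    printf("too long: %d\n", handle_checked(&too_long));
    printf("wrapping: %d\n", handle_checked(&wrapping));
    return 0;
}
```

The subtraction form `len > TABLE_SIZE - off` is used instead of `off + len > TABLE_SIZE` because the sum of two 32-bit caller-supplied values can wrap and pass a naive comparison.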
Attack Vector
Exploitation requires local access with high privileges, typically administrator or root on the host operating system. The attacker invokes the vulnerable AOD SMM interface from the OS, supplies malformed parameters, and reads back data from out-of-bounds memory locations within SMM context.
No authentication bypass or remote vector is involved. The vulnerability cannot be triggered by unprivileged users or over a network. Detailed exploitation primitives have not been published in AMD Security Bulletin #3030 or AMD Security Bulletin #4017.
Detection Methods for CVE-2024-36345
Indicators of Compromise
- No public indicators of compromise have been published for this vulnerability
- The AMD security bulletins do not list file hashes, network signatures, or known exploitation artifacts
- Exploitation occurs at the firmware layer and leaves limited traces in operating system logs
Detection Strategies
- Inventory systems running the AMD OverDrive utility and correlate against the affected platform list in the AMD bulletins
- Monitor for installation or execution of AMD OverDrive components on production hosts where the utility is not required
- Audit privileged process behavior interacting with SMM communication buffers and ACPI interfaces
Monitoring Recommendations
- Track loading of AOD drivers and associated kernel modules on Windows and Linux endpoints
- Alert on unexpected administrator-level processes invoking platform firmware interfaces
- Maintain firmware and chipset driver version baselines and flag drift from approved versions
How to Mitigate CVE-2024-36345
Immediate Actions Required
- Review AMD Security Bulletin #3030 and AMD Security Bulletin #4017 to identify affected platforms in your environment
- Apply firmware and AOD module updates supplied by AMD or the system OEM
- Remove the AMD OverDrive utility from systems where it is not actively used
Patch Information
AMD has published mitigation guidance in AMD Security Bulletin #3030 and AMD Security Bulletin #4017. Apply the firmware versions specified for each affected processor family through your platform vendor or OEM update channel.
Workarounds
- Restrict local administrative access to trusted users to reduce the privileged-attacker exposure required for exploitation
- Uninstall the AMD OverDrive utility on systems that do not require runtime overclocking or tuning
- Enforce signed driver and firmware update policies to prevent unauthorized AOD component loading
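# Example: verify whether the AMD OverDrive driver is present on Windows
# (use sc.exe: in Windows PowerShell, "sc" is an alias for Set-Content)
sc.exe query AODDriver
sc.exe query AODDriver4.3.0
# Example: remove the AMD OverDrive utility via standard uninstall flow
# (wmic is deprecated and is not installed by default on recent Windows releases)
wmic product where "name like 'AMD OverDrive%%'" call uninstall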


