CVE-2024-36319

Summary

Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics;
AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ GraphicsAMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2unaffected
AMDAMD Ryzen™ AI MAX Series ProcessorsAMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2unaffected
AMDAMD Ryzen™ AI 300 Series ProcessorsAMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2unaffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsAMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2unaffected
AMDAMD Ryzen™ Embedded 8000 Series ProcessorsQ2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows® Catalyst™ driver [25.6.1] (68926)unaffected
AMDAMD Ryzen™ Embedded 7000 Series ProcessorsQ2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows® Catalyst™ driver [25.6.1] (68926)unaffected
AMDAMD Ryzen™ Embedded 9000 Series ProcessorsQ2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows® Catalyst™ driver [25.6.1] (68926)unaffected
AMDAMD Radeon™ RX 7000 Series Graphics Products25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2(25.10.10), Radeon Software For Linux 25.10.1unaffected
AMDAMD Radeon™ PRO W7000 Series Graphics Products25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2(25.10.10), Radeon Software For Linux 25.10.1unaffected
AMDAMD Instinct™ MI300XROCm 6.2.4unaffected
AMDAMD Instinct™ MI300AROCm 6.2.4unaffected
AMDAMD Instinct™ MI308XROCm 6.2.4unaffected
AMDAMD Instinct™ MI325XROCm 6.2.4unaffected
AMDAMD Radeon™ PRO V710Contact your AMD Customer Engineering representativeunaffected

Weaknesses

  • CWE-1191: CWE-1191 On-Chip Debug and Test Interface With Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References