CVE-2024-36319
6.3
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H
Summary
Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics; | ||
| AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics | AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2 | unaffected | |
| AMD | AMD Ryzen™ AI MAX Series Processors | AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2 | unaffected |
| AMD | AMD Ryzen™ AI 300 Series Processors | AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2 | unaffected |
| AMD | AMD Ryzen™ 8000 Series Desktop Processors | AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2 | unaffected |
| AMD | AMD Ryzen™ Embedded 8000 Series Processors | Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows® Catalyst™ driver [25.6.1] (68926) | unaffected |
| AMD | AMD Ryzen™ Embedded 7000 Series Processors | Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows® Catalyst™ driver [25.6.1] (68926) | unaffected |
| AMD | AMD Ryzen™ Embedded 9000 Series Processors | Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows® Catalyst™ driver [25.6.1] (68926) | unaffected |
| AMD | AMD Radeon™ RX 7000 Series Graphics Products | 25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2(25.10.10), Radeon Software For Linux 25.10.1 | unaffected |
| AMD | AMD Radeon™ PRO W7000 Series Graphics Products | 25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2(25.10.10), Radeon Software For Linux 25.10.1 | unaffected |
| AMD | AMD Instinct™ MI300X | ROCm 6.2.4 | unaffected |
| AMD | AMD Instinct™ MI300A | ROCm 6.2.4 | unaffected |
| AMD | AMD Instinct™ MI308X | ROCm 6.2.4 | unaffected |
| AMD | AMD Instinct™ MI325X | ROCm 6.2.4 | unaffected |
| AMD | AMD Radeon™ PRO V710 | Contact your AMD Customer Engineering representative | unaffected |
Weaknesses
- CWE-1191: CWE-1191 On-Chip Debug and Test Interface With Improper Access Control
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.