CVE-2024-36323

Summary

Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Radeon™ RX 7000 Series Graphics ProductsRadeon Software for Linux 24.20.3unaffected
AMDAMD Radeon™ RX 7000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.10.2 (25.20.21.01)unaffected
AMDAMD Radeon™ PRO W7000 Series Graphics ProductsRadeon Software for Linux 24.20.3unaffected
AMDAMD Radeon™ PRO W7000 Series Graphics ProductsAMD Software: PRO Edition 25.Q3.1 (25.10.32)unaffected
AMDAMD Instinct™ MI308XROC 6.3unaffected
AMDAMD Instinct™ MI325XROC 6.3unaffected
AMDAMD Instinct™ MI300XROCm 6.3unaffected
AMDAMD Instinct™ MI300AROCm 6.3unaffected

Weaknesses

  • Security Vulnerability

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References