CVE-2024-36334

Summary

Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Radeon™ RX 7000 Series Graphics Productsamd_rx_7900_xtx_rgb_led_20241008.exe “AMD Radeon RX 7900 XTX RGB Tool” available at https://www.amd.com/en/support/downloads/drivers.html/graphics/radeon-rx/radeon-rx-7000-series/amd-radeon-rx-7900-xtx.htmlunaffected

Weaknesses

  • CWE-347: CWE-347 Improper Verification of Cryptographic Signature

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References