CVE-2024-36319
CVE-2024-36319
In short
Debug code left in AMD's video decoder firmware allows attackers to send specially crafted commands that could read or modify hardware registers, potentially compromising system security and stability.
Technical detail
CWE-1191 vulnerability in AMD VCN firmware with active debug functionality permits submission of malicious commands to perform unauthorized hardware register access. Attack vector is local/network-based command injection with low privileges required; impact includes confidentiality, integrity, and availability compromise.
Summary generated and translated by AI from the official description.
Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H
Affected products
AMD · AMD Instinct™ MI300AAMD · AMD Instinct™ MI300XAMD · AMD Instinct™ MI308XAMD · AMD Instinct™ MI325XAMD · AMD Radeon™ PRO V710AMD · AMD Radeon™ PRO W7000 Series Graphics ProductsAMD · AMD Radeon™ RX 7000 Series Graphics ProductsAMD · AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics;
AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ GraphicsAMD · AMD Ryzen™ 8000 Series Desktop ProcessorsAMD · AMD Ryzen™ AI 300 Series ProcessorsAMD · AMD Ryzen™ AI MAX Series ProcessorsAMD · AMD Ryzen™ Embedded 7000 Series ProcessorsAMD · AMD Ryzen™ Embedded 8000 Series ProcessorsAMD · AMD Ryzen™ Embedded 9000 Series ProcessorsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →