Amd CVE-2024-36337
HIGHCVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
Lifecycle Timeline
2DescriptionNVD
Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of confidentiality, integrity or availability.
AnalysisAI
Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of confidentiality, integrity or availability. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of confidentiality, integrity or availability.
Affected ProductsAI
AMD NPU Driver.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.
More from same product – last 7 days
VM escape in Kata Containers allows any Kubernetes user with pod-creation rights to break out of the VM sandbox and gain
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix watch_id bounds checking in debug a
In the Linux kernel, the following vulnerability has been resolved: ceph: only d_add() negative dentries when they are
In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Prevent improper isolation of shared r
Share
External POC / Exploit Code
Leaving vuln.today