CVE-2024-36336

Integer overflow within the AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to a loss of confidentiality, integrity, or availability.

CVSS v3 7.9 HIGH

7.9^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 5.3

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html

Configurations

No configuration.

History

07 Apr 2025, 14:18

Type	Values Removed	Values Added
Summary		(es) El desbordamiento entero dentro del conductor de la NPU de la AMD podría permitir que un atacante local escriba fuera de los límites, lo que potencialmente conduce a una pérdida de confidencialidad, integridad o disponibilidad.

02 Apr 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-02 17:15

Updated : 2025-04-07 14:18

NVD link : CVE-2024-36336

Mitre link : CVE-2024-36336

CVE.ORG link : CVE-2024-36336

JSON object : View

Products Affected

No product.

CWE

CWE-190

Integer Overflow or Wraparound

7.9 /10