CVE-2024-36323 | THREATINT

Description

Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data.

PUBLISHED Reserved 2024-05-23 | Published 2026-05-15 | Updated 2026-05-16 | Assigner AMD

HIGH: 8.8CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

Security Vulnerability

Product status

Default status

affected

Radeon Software for Linux 24.20.3

unaffected

AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01)

unaffected

Default status

affected

Radeon Software for Linux 24.20.3

unaffected

AMD Software: PRO Edition 25.Q3.1 (25.10.32)

unaffected

Default status

affected

ROC 6.3

unaffected

Default status

affected

ROC 6.3

unaffected

Default status

affected

ROCm 6.3

unaffected

Default status

affected

ROCm 6.3

unaffected

References

www.amd.com/...es/product-security/bulletin/AMD-SB-6027.html

cve.org (CVE-2024-36323)

nvd.nist.gov (CVE-2024-36323)

Download JSON