Improper Input Validation in AMD NPU Driver Leads to Security Risks
CVE-2024-21975

7.8HIGH

Key Information:

Vendor: Amd
Status: Ryzen Ai Software
Vendor: CVE Published:; 12 November 2024

Summary

The AMD NPU driver is vulnerable due to improper input validation, which could allow an attacker to provide a specially crafted pointer. This vulnerability has the potential to lead to arbitrary code execution, thereby placing systems at significant security risk. Users of affected AMD products are advised to review their configurations and apply necessary updates as outlined in the AMD security bulletin.

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024

Collectors

NVD Database