Improper Input Validation in AMD NPU Driver Exposes Systems to Risks
CVE-2024-21976

8.8HIGH

Key Information:

Vendor: Amd
Status: Amd Ryzen™ Ai Software
Vendor: CVE Published:; 12 November 2024

What is CVE-2024-21976?

A vulnerability in the AMD NPU driver arises from improper input validation, which may allow attackers to provide specially crafted pointers. This flaw could enable unauthorized execution of arbitrary code, compromising the integrity and security of the affected systems. Users of the NPU driver should review the latest security bulletins provided by AMD for updates and remediation measures.

Affected Version(s)

AMD Ryzen™ AI Software 0 < 1.2

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2024

JSON

Amd

What is CVE-2024-21976?

Affected Version(s)

References

CVSS V3.1

Timeline