Vulnerability in Video Decoder Engine Firmware from AMD
CVE-2024-36319

6.3MEDIUM

Key Information:

Vendor: Amd
Status: Amd Ryzen™ 7040 Series Mobile Processors With Radeon™ Graphics; amd Ryzen™ 8040 Series Mobile Processors With Radeon™ Graphics; Amd Ryzen™ Ai Max Series Processors; Amd Ryzen™ Ai 300 Series Processors; Amd Ryzen™ 8000 Series Desktop Processors
Vendor: CVE Published:; 12 February 2026

What is CVE-2024-36319?

A vulnerability exists in AMD's Video Decoder Engine Firmware that stems from debug code being unnecessarily active. This flaw enables an attacker to send crafted commands, which could manipulate hardware registers. The potential consequences of this vulnerability include unauthorized access to sensitive information, disruption of system operations, and compromises to both system integrity and availability. Users of affected firmware versions should take immediate action to mitigate the risk associated with this exploitation.

Affected Version(s)

AMD Instinct™ MI300A ROCm 6.2.4

AMD Instinct™ MI300X ROCm 6.2.4

AMD Instinct™ MI308X ROCm 6.2.4

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 12, 2026
Vulnerability Reserved
May 23, 2024

CVE-2024-36319 Data

JSON

Amd

What is CVE-2024-36319?

Affected Version(s)

References

CVSS V4

Timeline