Vulnerability in AMD Virtualization Technology Impacting JPEG Cores
CVE-2024-36323

8.8HIGH

Key Information:

Vendor: Amd
Status: Amd Radeon™ Rx 7000 Series Graphics Products; Amd Radeon™ Pro W7000 Series Graphics Products; Amd Instinct™ Mi308x; Amd Instinct™ Mi325x
Vendor: CVE Published:; 15 May 2026

What is CVE-2024-36323?

The vulnerability arises from the improper isolation of the VCN-JPEG HW register space within AMD's virtualization technology. This flaw can allow a malicious Guest Virtual Machine (VM) or process to gain unauthorized access to the register space of JPEG cores assigned to a victim VM or process. Consequently, this may enable attackers to perform arbitrary read and write operations on the data of the affected VM or process, posing significant risks to data integrity and confidentiality.

Affected Version(s)

AMD Instinct™ MI300A ROCm 6.3

AMD Instinct™ MI300X ROCm 6.3

AMD Instinct™ MI308X ROC 6.3

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2026
Vulnerability Reserved
May 23, 2024

CVE-2024-36323 Data

JSON

Amd

What is CVE-2024-36323?

Affected Version(s)

References

CVSS V4

Timeline