Integer Overflow Vulnerability in AMD NPU Driver
CVE-2024-36328

7.3HIGH

Key Information:

Vendor: Amd
Status: Amd Ryzen™ Ai Software
Vendor: CVE Published:; 2 April 2025

What is CVE-2024-36328?

An integer overflow vulnerability exists in the AMD NPU Driver, which may allow a local attacker to execute code outside of intended memory boundaries. This weakness could potentially compromise the integrity and availability of the system, highlighting the importance of timely updates and patches to mitigate associated risks.

Affected Version(s)

AMD Ryzen™ AI Software 1.3

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2025
Vulnerability Reserved
May 23, 2024

Amd

What is CVE-2024-36328?

Affected Version(s)

References

CVSS V3.1

Timeline