Integer Overflow Vulnerability in AMD NPU Driver
CVE-2024-36337

7.9HIGH

Key Information:

Vendor: Amd
Status: Amd Ryzen™ Ai Software
Vendor: CVE Published:; 2 April 2025

What is CVE-2024-36337?

An integer overflow in the AMD NPU Driver can allow a local attacker to write data beyond allocated memory boundaries. This vulnerability can lead to significant security risks including unauthorized access to sensitive data, compromise of system integrity, and potential disruption of availability. Users of affected versions are advised to apply the latest security updates to mitigate these risks.

Affected Version(s)

AMD Ryzen™ AI Software 1.3

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

7.9

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2025
Vulnerability Reserved
May 23, 2024

Amd

What is CVE-2024-36337?

Affected Version(s)

References

CVSS V3.1

Timeline