Integer Overflow Vulnerability in AMD NPU Driver
CVE-2024-36337

7.9HIGH

Key Information:

Vendor: Amd
Status: Amd Ryzen™ Ai Software
Vendor: CVE Published:; 2 April 2025

Summary

An integer overflow in the AMD NPU Driver can allow a local attacker to write data beyond allocated memory boundaries. This vulnerability can lead to significant security risks including unauthorized access to sensitive data, compromise of system integrity, and potential disruption of availability. Users of affected versions are advised to apply the latest security updates to mitigate these risks.

Affected Version(s)

AMD Ryzen™ AI Software 1.3

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

7.9

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 2, 2025
Vulnerability Reserved
May 23, 2024