Integer Overflow Vulnerability in AMD NPU Driver
CVE-2024-36337

7.9HIGH

Key Information:

Vendor
Amd
Vendor
CVE Published:
2 April 2025

Summary

An integer overflow in the AMD NPU Driver can allow a local attacker to write data beyond allocated memory boundaries. This vulnerability can lead to significant security risks including unauthorized access to sensitive data, compromise of system integrity, and potential disruption of availability. Users of affected versions are advised to apply the latest security updates to mitigate these risks.

Affected Version(s)

AMD Ryzen™ AI Software 1.3

References

CVSS V3.1

Score:
7.9
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.