Improper Input Validation in AMD Power Management Firmware
CVE-2024-36346

6MEDIUM

Key Information:

Vendor: Amd
Status: Amd Instinct™ Mi300a; Amd Instinct™ Mi300x
Vendor: CVE Published:; 6 September 2025

What is CVE-2024-36346?

A vulnerability in AMD's Power Management Firmware allows a privileged attacker to exploit improper input validation. This can enable a Guest VM to send arbitrary input data, which could potentially trigger a GPU Reset condition. Such vulnerabilities pose significant risks to system stability and performance, emphasizing the need for rapid mitigation.

Affected Version(s)

AMD Instinct™ MI300A BKC 21

AMD Instinct™ MI300X BKC 24.13

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2025
Vulnerability Reserved
May 23, 2024

Amd

What is CVE-2024-36346?

Affected Version(s)

References

CVSS V3.1

Timeline