8.8

CVE-2024-36323

Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerAMD
Produkt AMD Radeon™ RX 7000 Series Graphics Products
Default Statusaffected
Version Radeon Software for Linux 24.20.3
Status unaffected
Version AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01)
Status unaffected
HerstellerAMD
Produkt AMD Radeon™ PRO W7000 Series Graphics Products
Default Statusaffected
Version Radeon Software for Linux 24.20.3
Status unaffected
Version AMD Software: PRO Edition 25.Q3.1 (25.10.32)
Status unaffected
HerstellerAMD
Produkt AMD Instinct™ MI308X
Default Statusaffected
Version ROC 6.3
Status unaffected
HerstellerAMD
Produkt AMD Instinct™ MI325X
Default Statusaffected
Version ROC 6.3
Status unaffected
HerstellerAMD
Produkt AMD Instinct™ MI300X
Default Statusaffected
Version ROCm 6.3
Status unaffected
HerstellerAMD
Produkt AMD Instinct™ MI300A
Default Statusaffected
Version ROCm 6.3
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.01% 0.016
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@amd.com 8.8 0 0
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.