7.8
CVE-2024-36333
- EPSS 0.12%
- Veröffentlicht 15.05.2026 02:58:47
- Zuletzt bearbeitet 18.05.2026 15:15:15
- Quelle psirt@amd.com
- CVE-Watchlists
- Unerledigt
A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Amd ≫ Radeon Software SwEditionpro Version < 26.q1
Amd ≫ Radeon Software SwEditionpro Version < 25.q3.1
Amd ≫ Radeon Pro W5500 Version-
Amd ≫ Radeon Pro W5500x Version-
Amd ≫ Radeon Pro W5700 Version-
Amd ≫ Radeon Pro W5700x Version-
Amd ≫ Radeon Pro W6300 Version-
Amd ≫ Radeon Pro W6300m Version-
Amd ≫ Radeon Pro W6400 Version-
Amd ≫ Radeon Pro W6500m Version-
Amd ≫ Radeon Pro W6600 Version-
Amd ≫ Radeon Pro W6600m Version-
Amd ≫ Radeon Pro W6600x Version-
Amd ≫ Radeon Pro W6800 Version-
Amd ≫ Radeon Pro W6800x Version-
Amd ≫ Radeon Pro W6800x Duo Version-
Amd ≫ Radeon Pro W6900x Version-
Amd ≫ Radeon Pro W5500x Version-
Amd ≫ Radeon Pro W5700 Version-
Amd ≫ Radeon Pro W5700x Version-
Amd ≫ Radeon Pro W6300 Version-
Amd ≫ Radeon Pro W6300m Version-
Amd ≫ Radeon Pro W6400 Version-
Amd ≫ Radeon Pro W6500m Version-
Amd ≫ Radeon Pro W6600 Version-
Amd ≫ Radeon Pro W6600m Version-
Amd ≫ Radeon Pro W6600x Version-
Amd ≫ Radeon Pro W6800 Version-
Amd ≫ Radeon Pro W6800x Version-
Amd ≫ Radeon Pro W6800x Duo Version-
Amd ≫ Radeon Pro W6900x Version-
Amd ≫ Cleanup Utility Version25.20.00.00
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.021 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| psirt@amd.com | 7 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-427 Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html