Vulnerability in Amd Instinct™ Mi300a

CVE-2024-36319

Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity…

EPSS: 0.000 (1.7th percentile) — read the EPSS interpretation.

Affected products

Amd Instinct™ Mi300a — versions ROCm 6.2.4
Amd Instinct™ Mi300x — versions ROCm 6.2.4
Amd Instinct™ Mi308x — versions ROCm 6.2.4
Amd Instinct™ Mi325x — versions ROCm 6.2.4
Amd Radeon™ Pro V710 — versions Contact your AMD Customer Engineering representative
Amd Radeon™ Pro W7000 Series Graphics Products — versions 25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2(25.10.10), Radeon Software For Linux 25.10.1
Amd Radeon™ Rx 7000 Series Graphics Products — versions 25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2(25.10.10), Radeon Software For Linux 25.10.1
Amd Ryzen™ 7040 Series Mobile Processors With Radeon™ Graphics; 8040 Graphics — versions AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2
Amd Ryzen™ 8000 Series Desktop Processors — versions AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2
Amd Ryzen™ Ai 300 Series Processors — versions AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2

Weakness classification (CWE)

CWE-1191

References

www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html