Vulnerability in Amd Instinct™ Mi300a

CVE-2024-36323

Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbit…

EPSS: 0.000 (1.7th percentile) — read the EPSS interpretation.

Affected products

Amd Instinct™ Mi300a — versions ROCm 6.3
Amd Instinct™ Mi300x — versions ROCm 6.3
Amd Instinct™ Mi308x — versions ROC 6.3
Amd Instinct™ Mi325x — versions ROC 6.3
Amd Radeon™ Pro W7000 Series Graphics Products — versions Radeon Software for Linux 24.20.3, AMD Software: PRO Edition 25.Q3.1 (25.10.32)
Amd Radeon™ Rx 7000 Series Graphics Products — versions Radeon Software for Linux 24.20.3, AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01)

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

psirt@amd.com