AVID-2026-R1491
Description
Vulnerability CVE-2024-36336
Details
Integer overflow within the AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to a loss of confidentiality, integrity, or availability.
Reason for inclusion in AVID: CVE-2024-36336 describes an integer overflow in the AMD NPU Driver (a software component) that could allow a local out-of-bounds write, risking confidentiality, integrity, or availability. The AMD NPU driver is part of the AI acceleration stack (e.g., AMD Ryzen AI Software) and is used in AI workloads. Therefore, this is a software supply-chain vulnerability affecting AI systems, with clear security impact, supported by CVE/NVD references.
References
Affected or Relevant Artifacts
- Developer: AMD
- Deployer: AMD
- Artifact Details:
| Type | Name |
|---|---|
| System | AMD Ryzen™ AI Software |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Metric | Value |
|---|---|
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H |
| Base Score | 7.9 |
| Base Severity | 🔴 High |
| Attack Vector | LOCAL |
| Attack Complexity | 🟢 Low |
| Privileges Required | 🟢 Low |
| User Interaction | NONE |
| Scope | CHANGED |
| Confidentiality Impact | 🟢 Low |
| Integrity Impact | 🟢 Low |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-190 | CWE-190 Integer Overflow or Wraparound |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2025-04-02
- Version: 0.3.3
- AVID Entry