CVE-2024-36319 PUBLISHED

Assigner: AMD
Reserved: 23.05.2024 Published: 12.02.2026 Updated: 26.02.2026

Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H
CVSS Score: 6.3

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	Low	Confidentiality	High
Attack Complexity	Low	Integrity	Low	Integrity	High
Attack Requirements	None	Availability	Low	Availability	High
Privileges Required	Low
User Interaction	None

CVSS 4.0

Product Status

Vendor	AMD
Product	AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics; AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics
Versions	Default: affected Version AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2 is unaffected

Vendor	AMD
Product	AMD Ryzen™ AI MAX Series Processors
Versions	Default: affected Version AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2 is unaffected

Vendor	AMD
Product	AMD Ryzen™ AI 300 Series Processors
Versions	Default: affected Version AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 8000 Series Desktop Processors
Versions	Default: affected Version AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2 is unaffected

Vendor	AMD
Product	AMD Ryzen™ Embedded 8000 Series Processors
Versions	Default: affected Version Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows® Catalyst™ driver [25.6.1] (68926) is unaffected

Vendor	AMD
Product	AMD Ryzen™ Embedded 7000 Series Processors
Versions	Default: affected Version Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows® Catalyst™ driver [25.6.1] (68926) is unaffected

Vendor	AMD
Product	AMD Ryzen™ Embedded 9000 Series Processors
Versions	Default: affected Version Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows® Catalyst™ driver [25.6.1] (68926) is unaffected

Vendor	AMD
Product	AMD Radeon™ RX 7000 Series Graphics Products
Versions	Default: affected Version 25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2(25.10.10), Radeon Software For Linux 25.10.1 is unaffected

Vendor	AMD
Product	AMD Radeon™ PRO W7000 Series Graphics Products
Versions	Default: affected Version 25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2(25.10.10), Radeon Software For Linux 25.10.1 is unaffected

Vendor	AMD
Product	AMD Instinct™ MI300X
Versions	Default: affected Version ROCm 6.2.4 is unaffected

Vendor	AMD
Product	AMD Instinct™ MI300A
Versions	Default: affected Version ROCm 6.2.4 is unaffected

Vendor	AMD
Product	AMD Instinct™ MI308X
Versions	Default: affected Version ROCm 6.2.4 is unaffected

Vendor	AMD
Product	AMD Instinct™ MI325X
Versions	Default: affected Version ROCm 6.2.4 is unaffected

Vendor	AMD
Product	AMD Radeon™ PRO V710
Versions	Default: affected Version Contact your AMD Customer Engineering representative is unaffected

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html

Problem Types

CWE-1191 On-Chip Debug and Test Interface With Improper Access Control CWE