cvelistv5 - CVE-2024-36353

CVE-2024-36353 (GCVE-0-2024-36353)

Vulnerability from cvelistv5 – Published: 2025-03-02 17:33 – Updated: 2025-10-14 17:36

Summary

Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-459 - Incomplete Cleanup

Assigner

AMD

References

URL

Tags

https://www.amd.com/en/resources/product-security…

Impacted products

Vendor

Product

Version

AMD

AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics

Unaffected: Radeon Software For Linux 25.10.1

AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 7000 Series Desktop Processor	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 9000HX Series Processors	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ AI Max 300 Series Processors	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ Z2 Series Processors Extreme	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 4000 Series Desktop Processors	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 8000 Series Desktop Processors	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Ryzen™ 9000 Series Desktop Processors	Unaffected: Radeon Software For Linux 25.10.1
AMD	Ryzen™ Embedded R1000	Unaffected: Kernel 6.12.25 LTS
AMD	Ryzen™ Embedded R2000	Unaffected: Kernel 6.12.25 LTS
AMD	AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Raven Ridge")	Unaffected: Kernel 6.12.25 LTS
AMD	Ryzen™ Embedded V2000	Unaffected: Kernel 6.12.25 LTS
AMD	Ryzen™ Embedded V3000	Unaffected: Kernel 6.12.25 LTS
AMD	AMD Ryzen Embedded V2000A Series Processors	Unaffected: Kernel 6.12.25 LTS
AMD	AMD Radeon™ RX 5000/PRO W5000 Series Graphics Products	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Radeon™ RX6000/PRO W6000 Series Graphics Products	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Radeon™ RX 7000/PRO W7000 Series Graphics Products	Unaffected: Radeon Software For Linux 25.10.1
AMD	AMD Radeon™ PRO V520	Unaffected: Contact your AMD Customer Engineering representative
AMD	AMD Radeon™ PRO V620	Unaffected: Contact your AMD Customer Engineering representative
AMD	AMD Radeon™ PRO V710	Unaffected: Contact your AMD Customer Engineering representative

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36353",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-03T15:49:49.731257Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-03T15:50:05.010Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processor",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 9000HX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 AI Max 300 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Z2 Series Processors Extreme",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 9000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Kernel 6.12.25 LTS"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ryzen\u2122 Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Kernel 6.12.25 LTS"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors (formerly codenamed \"Raven Ridge\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Kernel 6.12.25 LTS"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Kernel 6.12.25 LTS"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Kernel 6.12.25 LTS"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen Embedded V2000A Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Kernel 6.12.25 LTS"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Radeon\u2122 RX 5000/PRO W5000 Series Graphics Products",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Radeon\u2122 RX6000/PRO W6000 Series Graphics Products",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Radeon\u2122 RX 7000/PRO W7000 Series Graphics Products",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Radeon\u2122 PRO V520",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Contact your AMD Customer Engineering representative"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Radeon\u2122 PRO V620",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Contact your AMD Customer Engineering representative"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Radeon\u2122 PRO V710",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Contact your AMD Customer Engineering representative"
            }
          ]
        }
      ],
      "datePublic": "2025-10-14T17:11:51.489Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality.\u003cbr\u003e"
            }
          ],
          "value": "Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-459",
              "description": "CWE-459  Incomplete Cleanup",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T17:36:48.115Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6019.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "AMD PSIRT Automation 1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2024-36353",
    "datePublished": "2025-03-02T17:33:11.636Z",
    "dateReserved": "2024-05-23T19:44:50.000Z",
    "dateUpdated": "2025-10-14T17:36:48.115Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-36353\",\"sourceIdentifier\":\"psirt@amd.com\",\"published\":\"2025-03-02T18:15:34.033\",\"lastModified\":\"2025-09-25T20:15:33.850\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality.\"},{\"lang\":\"es\",\"value\":\"Una depuraci\u00f3n insuficiente de la memoria global de la GPU podr\u00eda permitir que un proceso malicioso que se ejecuta en la misma GPU lea valores de memoria restantes, lo que podr\u00eda provocar una p\u00e9rdida de confidencialidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@amd.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"psirt@amd.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-459\"}]}],\"references\":[{\"url\":\"https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6019.html\",\"source\":\"psirt@amd.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-36353\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-03T15:49:49.731257Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-03T15:49:55.295Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 4000 Series Mobile Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Radeon Software For Linux 25.10.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 6000 Series Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Radeon Software For Linux 25.10.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Athlon\\u2122 3000 Series Mobile Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Radeon Software For Linux 25.10.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7040 Series Mobile Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Radeon Software For Linux 25.10.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7020 Series Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Radeon Software For Linux 25.10.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7045 Series Mobile Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Radeon Software For Linux 25.10.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7000 Series Desktop Processor\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Radeon Software For Linux 25.10.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 5000 Series Desktop Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Radeon Software For Linux 25.10.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7030 Series Mobile Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Radeon Software For Linux 25.10.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 9000HX Series Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Radeon Software For Linux 25.10.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 AI Max 300 Series Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Radeon Software For Linux 25.10.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Z2 Series Processors Extreme\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Radeon Software For Linux 25.10.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7035 Series Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Radeon Software For Linux 25.10.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 4000 Series Desktop Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Radeon Software For Linux 25.10.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 5000 Series Mobile Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Radeon Software For Linux 25.10.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 8000 Series Desktop Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Radeon Software For Linux 25.10.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 9000 Series Desktop Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Radeon Software For Linux 25.10.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"Ryzen\\u2122 Embedded R1000\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Kernel 6.12.25 LTS\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"Ryzen\\u2122 Embedded R2000\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Kernel 6.12.25 LTS\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Embedded V1000 Series Processors (formerly codenamed \\\"Raven Ridge\\\")\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Kernel 6.12.25 LTS\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"Ryzen\\u2122 Embedded V2000\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Kernel 6.12.25 LTS\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"Ryzen\\u2122 Embedded V3000\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Kernel 6.12.25 LTS\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen Embedded V2000A Series Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Kernel 6.12.25 LTS\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Radeon\\u2122 RX 5000/PRO W5000 Series Graphics Products\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Radeon Software For Linux 25.10.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Radeon\\u2122 RX6000/PRO W6000 Series Graphics Products\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Radeon Software For Linux 25.10.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Radeon\\u2122 RX 7000/PRO W7000 Series Graphics Products\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Radeon Software For Linux 25.10.1\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Radeon\\u2122 PRO V520\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Contact your AMD Customer Engineering representative\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Radeon\\u2122 PRO V620\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Contact your AMD Customer Engineering representative\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Radeon\\u2122 PRO V710\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"Contact your AMD Customer Engineering representative\"}], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2025-10-14T17:11:51.489Z\", \"references\": [{\"url\": \"https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6019.html\"}], \"x_generator\": {\"engine\": \"AMD PSIRT Automation 1.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-459\", \"description\": \"CWE-459  Incomplete Cleanup\"}]}], \"providerMetadata\": {\"orgId\": \"b58fc414-a1e4-4f92-9d70-1add41838648\", \"shortName\": \"AMD\", \"dateUpdated\": \"2025-10-14T17:36:48.115Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-36353\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-14T17:36:48.115Z\", \"dateReserved\": \"2024-05-23T19:44:50.000Z\", \"assignerOrgId\": \"b58fc414-a1e4-4f92-9d70-1add41838648\", \"datePublished\": \"2025-03-02T17:33:11.636Z\", \"assignerShortName\": \"AMD\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-HWG4-5CX4-H25M

Vulnerability from github – Published: 2025-03-02 18:30 – Updated: 2025-09-25 21:30

Details

Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values, potentially leading to loss of confidentiality.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-36353"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-02T18:15:34Z",
    "severity": "MODERATE"
  },
  "details": "Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values, potentially leading to loss of confidentiality.",
  "id": "GHSA-hwg4-5cx4-h25m",
  "modified": "2025-09-25T21:30:20Z",
  "published": "2025-03-02T18:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36353"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6019.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2024-36353

Vulnerability from fkie_nvd - Published: 2025-03-02 18:15 - Updated: 2025-09-25 20:15

Severity ?

6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Summary

Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality.

References

	URL	Tags
	psirt@amd.com	https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6019.html

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality."
    },
    {
      "lang": "es",
      "value": "Una depuraci\u00f3n insuficiente de la memoria global de la GPU podr\u00eda permitir que un proceso malicioso que se ejecuta en la misma GPU lea valores de memoria restantes, lo que podr\u00eda provocar una p\u00e9rdida de confidencialidad."
    }
  ],
  "id": "CVE-2024-36353",
  "lastModified": "2025-09-25T20:15:33.850",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 4.0,
        "source": "psirt@amd.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-02T18:15:34.033",
  "references": [
    {
      "source": "psirt@amd.com",
      "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6019.html"
    }
  ],
  "sourceIdentifier": "psirt@amd.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-459"
        }
      ],
      "source": "psirt@amd.com",
      "type": "Secondary"
    }
  ]
}

WID-SEC-W-2025-0440

Vulnerability from csaf_certbund - Published: 2025-02-25 23:00 - Updated: 2025-03-11 23:00

Summary

AMD Radeon: Schwachstelle ermöglicht Offenlegung von Informationen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Radeon bezeichnet eine Familie von Grafikkarten von AMD. Prozessoren sind die zentralen Rechenwerke eines Computers.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in AMD Radeon und AMD Prozessor ausnutzen, um Informationen offenzulegen.

Betroffene Betriebssysteme

- Linux - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Radeon bezeichnet eine Familie von Grafikkarten von AMD.\r\nProzessoren sind die zentralen Rechenwerke eines Computers.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in AMD Radeon und AMD Prozessor ausnutzen, um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0440 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0440.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0440 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0440"
      },
      {
        "category": "external",
        "summary": "AMD Security Bulletin vom 2025-02-25",
        "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6019.html"
      },
      {
        "category": "external",
        "summary": "Lenovo Security Advisory LEN-188740 vom 2025-03-11",
        "url": "https://support.lenovo.com/us/en/product_security/LEN-188740"
      }
    ],
    "source_lang": "en-US",
    "title": "AMD Radeon: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2025-03-11T23:00:00.000+00:00",
      "generator": {
        "date": "2025-03-12T09:20:42.820+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0440",
      "initial_release_date": "2025-02-25T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-02-25T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-03-11T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von LENOVO aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "AMD Prozessor",
            "product": {
              "name": "AMD Prozessor",
              "product_id": "T041432",
              "product_identification_helper": {
                "cpe": "cpe:/h:amd:amd_processor:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "AMD Radeon",
            "product": {
              "name": "AMD Radeon",
              "product_id": "T041431",
              "product_identification_helper": {
                "cpe": "cpe:/h:amd:radeon:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "AMD"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Lenovo Computer",
            "product": {
              "name": "Lenovo Computer",
              "product_id": "T026557",
              "product_identification_helper": {
                "cpe": "cpe:/h:lenovo:computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Lenovo"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-36353",
      "product_status": {
        "known_affected": [
          "T026557",
          "T041432",
          "T041431"
        ]
      },
      "release_date": "2025-02-25T23:00:00.000+00:00",
      "title": "CVE-2024-36353"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-36353 (GCVE-0-2024-36353)

GHSA-HWG4-5CX4-H25M

FKIE_CVE-2024-36353

WID-SEC-W-2025-0440

Tags

Sightings

Nomenclature