CVE-2024-36333

Description

A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

CVSS breakdown

CVSS 4.0

Attack Vector

Local

Attack Complexity

Low

Attack Requirements

None

Privileges Required

Low

User Interaction

Passive

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

High

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Affected products

AMD / AMD Cleanup Utilityhttps://www.amd.com/en/resources/support-articles/faqs/GPU-601.html – https://www.amd.com/en/resources/support-articles/faqs/GPU-601.html
AMD / AMD Radeon™ PRO VIIAMD Software: PRO Edition 26.Q1 (23.19.24) – AMD Software: PRO Edition 26.Q1 (23.19.24)
AMD / AMD Radeon™ PRO W5000 Series Graphics ProductsAMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA) – AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA)
AMD / AMD Radeon™ PRO W6000 Series Graphics ProductsAMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA) – AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA)
AMD / AMD Radeon™ PRO W7000 Series Graphics ProductsAMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA) – AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA)
AMD / AMD Radeon™ PRO WX 8000/9000 Series Graphics CardsAMD Software: PRO Edition 26.Q1 (23.19.24) – AMD Software: PRO Edition 26.Q1 (23.19.24)
AMD / AMD Radeon™ RX 5000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2) – AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2)
AMD / AMD Radeon™ RX 6000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2) – AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2)
AMD / AMD Radeon™ RX 7000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2) – AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2)
AMD / AMD Radeon™ RX Vega Series Graphics CardsAMD Software: Adrenalin Edition 26.1.1 (23.19.24) – AMD Software: Adrenalin Edition 26.1.1 (23.19.24)
AMD / AMD Radeon™ VIIAMD Software: Adrenalin Edition 26.1.1 (23.19.24) – AMD Software: Adrenalin Edition 26.1.1 (23.19.24)

References

MISChttps://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html