CVE-2024-36323 - Vulnerability Details

- Unauthorized Access via Improper VCN‑JPEG Register Isolation in AMD GPU Systems

Description

Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data.

Published: 2026-05-15

Score: 8.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability arises from inadequate isolation of the Video Compression Network (VCN) JPEG hardware register space on AMD GPUs, allowing a malicious guest virtual machine or process to read and write the registers of JPEG cores assigned to another VM or process. This can provide arbitrary read/write access to the victim VM or process data, potentially enabling privilege escalation, data theft, or remote code execution.

Affected Systems

AMD Instinct MI300A, MI300X, MI308X, MI325X, Radeon PRO W7000 Series, and Radeon RX 7000 Series graphics products are affected according to the vendor notice. No specific firmware or driver version delimiters were provided, so all listed model families should be considered vulnerable until further clarification.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity vulnerability. EPSS is not available and the issue is not in the CISA KEV catalog, suggesting no confirmed widespread exploitation, but the lack of adequate isolation means an attacker within a shared host can potentially pivot through the GPU. The likely attack vector is an insider or compromised guest VM that can manipulate GPU register access, so the risk remains significant for virtualization environments that expose shared GPU resources.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

AMD

AMD Radeon™ RX 7000 Series Graphics Products

affected

Version	Status	Constraints
`Radeon Software for Linux 24.20.3`	unaffected	—
`AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01)`	unaffected	—

AMD

AMD Radeon™ PRO W7000 Series Graphics Products

affected

Version	Status	Constraints
`Radeon Software for Linux 24.20.3`	unaffected	—
`AMD Software: PRO Edition 25.Q3.1 (25.10.32)`	unaffected	—

AMD

AMD Instinct™ MI308X

affected

Version	Status	Constraints
`ROC 6.3`	unaffected	—

AMD

AMD Instinct™ MI325X

affected

Version	Status	Constraints
`ROC 6.3`	unaffected	—

AMD

AMD Instinct™ MI300X

affected

Version	Status	Constraints
`ROCm 6.3`	unaffected	—

AMD

AMD Instinct™ MI300A

affected

Version	Status	Constraints
`ROCm 6.3`	unaffected	—

No data.

Vendor Product Confidence Versions

Amd

Instinct Mi300a

88%

Version	Status	Scheme	Platform
`ROCm 6.3`	unaffected	generic	—

Amd

Instinct Mi300x

88%

Version	Status	Scheme	Platform
`ROCm 6.3`	unaffected	generic	—

Amd

Instinct Mi308x

88%

Version	Status	Scheme	Platform
`ROC 6.3`	unaffected	generic	—

Amd

Instinct Mi325x

88%

Version	Status	Scheme	Platform
`ROC 6.3`	unaffected	generic	—

Amd

Radeon Pro W7000 Series

100%

Version	Status	Scheme	Platform
`Radeon Software for Linux 24.20.3`	unaffected	generic	—
`AMD Software: PRO Edition 25.Q3.1 (25.10.32)`	unaffected	generic	—

Amd

Radeon Rx 7000 Series

100%

Version	Status	Scheme	Platform
`Radeon Software for Linux 24.20.3`	unaffected	generic	—
`AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01)`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Review AMD's product security bulletin (AMD‑SB‑6027) and identify any firmware or driver updates that address VCN‑JPEG register isolation.
Deploy the latest firmware/driver patches to all AMD Instinct and Radeon GPUs listed as affected.
Configure virtualization hosts to restrict or disable VCN‑JPEG GPU sharing between VMs, or isolate GPU resources per virtual machine to prevent cross‑VM register access.
Monitor GPU activity logs for abnormal register access patterns and enforce least‑privilege policies on guest VMs.

Generated by OpenCVE AI on May 15, 2026 at 05:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00012.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html

History

Fri, 15 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 15 May 2026 11:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Amd Amd instinct Mi300a Amd instinct Mi300x Amd instinct Mi308x Amd instinct Mi325x Amd radeon Pro W7000 Series Amd radeon Rx 7000 Series
Vendors & Products		Amd Amd instinct Mi300a Amd instinct Mi300x Amd instinct Mi308x Amd instinct Mi325x Amd radeon Pro W7000 Series Amd radeon Rx 7000 Series

Fri, 15 May 2026 05:45:00 +0000

Type	Values Removed	Values Added
Title		Unauthorized Access via Improper VCN‑JPEG Register Isolation in AMD GPU Systems
Weaknesses		CWE-269 CWE-284

Fri, 15 May 2026 04:30:00 +0000

Type	Values Removed	Values Added
Description		Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data.
References		https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
Metrics		cvssV4_0 `{'score': 8.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}`

Subscriptions

Amd Instinct Mi300a Instinct Mi300x Instinct Mi308x Instinct Mi325x Radeon Pro W7000 Series Radeon Rx 7000 Series

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2026-05-15T02:59:08.150Z

Updated: 2026-05-16T03:56:11.834Z

Reserved: 2024-05-23T19:44:40.301Z

Link: CVE-2024-36323

Vulnrichment

Updated: 2026-05-15T11:13:41.134Z

NVD

Status : Awaiting Analysis

Published: 2026-05-15T05:16:32.513

Modified: 2026-05-15T14:10:17.083

Link: CVE-2024-36323

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T11:20:55Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object