Description
A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
Published: 2026-05-15
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A DLL hijacking flaw in the AMD Cleanup Utility permits a malicious actor to supply a rogue dynamic library that the Utility will load in place of a legitimate one. The attacker can then execute the injected code with the credentials of the Utility’s process, which typically runs with elevated system privileges, thereby achieving privilege escalation that may lead to arbitrary code execution on the affected machine. This weakness corresponds to the DLL hijacking concept and involves improper validation of DLL loading paths.

Affected Systems

AMD products affected include the AMD Cleanup Utility as well as a wide range of Radeon GPUs across the VII, RX 5000/6000/7000, RX Vega, and PRO series cards. No specific version information is listed, so all installations that use the Utility at the time of the disclosure are considered potentially vulnerable.

Risk and Exploitability

The CVSS score for this issue is 7, indicating a high severity. EPSS score is 0.00011, indicating a very low likelihood of exploitation, and the vulnerability is not listed in CISA’s KEV catalog, suggesting no known widespread exploitation yet. The attack vector is inferred to be local, relying on an attacker who can place a malicious DLL in a location that the Utility searches first; remote exploitation would require an additional vulnerability or compromised administrative access.

Generated by OpenCVE AI on May 15, 2026 at 15:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the AMD Cleanup Utility to the latest version released by AMD
  • If the Utility is not required for system operation, uninstall or disable it
  • Restrict permissions on directories that the Utility scans for DLLs so it cannot load code from untrusted locations
  • Monitor system logs for unusual DLL load events or abrupt privilege escalation attempts

Generated by OpenCVE AI on May 15, 2026 at 15:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 16:15:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via DLL Hijacking in AMD Cleanup Utility

Fri, 15 May 2026 14:15:00 +0000

Type Values Removed Values Added
Title DLL Hijacking in AMD Cleanup Utility Enables Privilege Escalation
Weaknesses CWE-444

Fri, 15 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-427
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 15 May 2026 05:45:00 +0000

Type Values Removed Values Added
Title DLL Hijacking in AMD Cleanup Utility Enables Privilege Escalation
Weaknesses CWE-444

Fri, 15 May 2026 04:30:00 +0000

Type Values Removed Values Added
Description A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
References
Metrics cvssV4_0

{'score': 7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-16T03:56:12.910Z

Reserved: 2024-05-23T19:44:44.387Z

Link: CVE-2024-36333

cve-icon Vulnrichment

Updated: 2026-05-15T11:15:37.673Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-15T05:16:32.630

Modified: 2026-05-15T14:10:17.083

Link: CVE-2024-36333

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T16:00:03Z

Weaknesses