Description
Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution.
Published: 2026-05-15
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Radeon RGB tool fails to properly verify the cryptographic signature of files it processes. A malicious file placed in the tool’s installation directory can thus be executed with the tool’s elevated privilege level, allowing an attacker to run arbitrary code on the host with potentially full system privileges. This flaw aligns with CWE-347 and provides a direct avenue for privilege escalation and compromise of confidentiality, integrity, and availability.

Affected Systems

AMD Radeon RX 7000 Series Graphics Products

Risk and Exploitability

The CVSS score of 7 indicates high severity. EPSS is not available, so the current exploitation probability is unclear, but the flaw is not in the CISA KEV catalog, which suggests it has not yet been widely exploited. Attackers would need local access to place a malicious file in the installation directory, so the vulnerability is easier to exploit in environments where the Radeon RGB tool directory is writable by non-privileged users or is otherwise unprotected. Because the attack requires local file placement, the risk is significant only where attackers can influence the installation path or obtain sufficient privileges to write to the directory.

Generated by OpenCVE AI on May 15, 2026 at 05:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check AMD for an updated Radeon RX 7000 Series driver bundle that patches the RGB tool’s signature verification.
  • Restrict write permissions on the Radeon RGB tool installation directory so that only authorized users can add files.
  • If the RGB tool is not needed, uninstall or disable it to eliminate the attack surface.



Advisories

No advisories yet.

History

Fri, 15 May 2026 12:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Fri, 15 May 2026 05:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Improper Signature Verification in Radeon RGB Tool Enables Privilege Escalation |

Fri, 15 May 2026 04:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution. |
| Weaknesses | | CWE-347 |
| References | | |
| Metrics | | cvssV4_0 {'score': 7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'} |



MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-16T03:56:14.045Z

Reserved: 2024-05-23T19:44:44.387Z

Link: CVE-2024-36334

Vulnrichment

Updated: 2026-05-15T11:17:09.373Z

NVD

Status: Awaiting Analysis

Published: 2026-05-15T05:16:32.747

Modified: 2026-05-15T14:10:17.083

Link: CVE-2024-36334

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T05:30:36Z
