AMD Graphics Driver CVE-2024-36352: Brief Summary of Untrusted Pointer Dereference Vulnerability

This post provides a brief summary of CVE-2024-36352, a high-severity untrusted pointer dereference vulnerability in AMD Graphics Driver. It covers affected versions, technical details, and vendor security history based on available public sources.

ZeroPath CVE Analysis

2025-09-06

Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.


Introduction

Arbitrary memory writes and denial of service conditions can result from a single flaw in the graphics driver stack. CVE-2024-36352 demonstrates how improper input validation in AMD's Graphics Driver can allow local attackers to manipulate kernel memory, posing real risks to system integrity and availability.

Technical Information

CVE-2024-36352 is rooted in improper input validation within the AMD Graphics Driver. The vulnerability allows a local attacker with low privileges to supply a specially crafted pointer as input to the driver. Due to insufficient validation, the driver may dereference this pointer in kernel mode, leading to arbitrary memory writes or denial of service. The vulnerability is classified as CWE-822 (Untrusted Pointer Dereference).

Key technical characteristics:

  • Attack vector: Local (AV:L)
  • Attack complexity: Low (AC:L)
  • Privileges required: Low (PR:L)
  • No user interaction required (UI:N)
  • Scope: Changed (S:C)
  • Impact: High for integrity and availability

The core issue is that user-supplied pointers are not adequately checked before being dereferenced in privileged code paths. This can allow attackers to target sensitive memory regions, potentially escalating privileges or crashing the system. No public code snippets or proof of concept are available at this time.
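The CWE-822 pattern described above, next to its hardened form, as an added example: this is a generic user-space model written for this summary, not AMD driver code. The address-space split, `struct req`, and all function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model, not AMD driver code: a 256-byte "address space" where
 * offsets below USER_TOP stand for user memory and the rest for kernel memory. */
#define SPACE_SIZE 256u
#define USER_TOP   128u
static uint8_t space[SPACE_SIZE];
static const uint8_t result[4] = { 0xAA, 0xAA, 0xAA, 0xAA };

/* Hypothetical request: the caller chooses where the driver writes its result. */
struct req { uint64_t dst; uint64_t len; };

/* True only if [dst, dst+len) lies entirely in the user range. Phrased as a
 * subtraction so that dst + len is never computed and cannot wrap around. */
static int user_range_ok(uint64_t dst, uint64_t len)
{
    return dst <= USER_TOP && len <= USER_TOP - dst;
}

/* CWE-822 pattern: the caller-supplied address is used as given. */
int handle_unchecked(struct req r)
{
    memcpy(space + r.dst, result, (size_t)r.len);
    return 0;
}

/* Hardened form: validate the length and the whole range before any write. */
int handle_checked(struct req r)
{
    if (r.len > sizeof result || !user_range_ok(r.dst, r.len))
        return -EFAULT;
    memcpy(space + r.dst, result, (size_t)r.len);
    return 0;
}

/* Helpers for exercising the model: build a request, read back one byte. */
int submit(int checked, uint64_t dst, uint64_t len)
{
    struct req r = { dst, len };
    return checked ? handle_checked(r) : handle_unchecked(r);
}
uint8_t peek(size_t off) { return space[off]; }
```

The checked handler rejects three cases a start-address-only comparison would miss: a range that starts in user memory and straddles the boundary, an address near the top of the 64-bit range whose end would wrap, and an oversized length.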

Affected Systems and Versions

Based on AMD's security bulletins and public sources, the following products are affected:

  • AMD Athlon 3000 Series Mobile Processors with Radeon Graphics
  • AMD Radeon Instinct MI25 Graphics Products

Affected driver versions are not exhaustively listed in public sources, but AMD's advisories AMD-SB-5007 and AMD-SB-6018 cover embedded and graphics products respectively. Users should consult these bulletins for the most current affected version information.

Vendor Security History

AMD has previously addressed vulnerabilities in both graphics and processor components, including memory corruption and privilege escalation issues. The company publishes regular security bulletins and typically provides driver updates in response to reported vulnerabilities. The graphics driver stack has seen recurring issues related to memory safety, reflecting the complexity and performance demands of this software layer.
