Introduction
Arbitrary memory writes and denial of service conditions can result from a single flaw in the graphics driver stack. CVE-2024-36352 demonstrates how improper input validation in AMD's Graphics Driver can allow local attackers to manipulate kernel memory, posing real risks to system integrity and availability.
Technical Information
CVE-2024-36352 is rooted in improper input validation within the AMD Graphics Driver. The vulnerability allows a local attacker with low privileges to supply a specially crafted pointer as input to the driver. Due to insufficient validation, the driver may dereference this pointer in kernel mode, leading to arbitrary memory writes or denial of service. The vulnerability is classified as CWE-822 (Untrusted Pointer Dereference).
Key technical characteristics:
- Attack vector: Local (AV:L)
- Attack complexity: Low (AC:L)
- Privileges required: Low (PR:L)
- No user interaction required (UI:N)
- Scope: Changed (S:C)
- Impact: High integrity and availability
The core issue is that user-supplied pointers are not adequately checked before being dereferenced in privileged code paths. This can allow attackers to target sensitive memory regions, potentially escalating privileges or crashing the system. No public code snippets or proof of concept are available at this time.
Affected Systems and Versions
Based on AMD's security bulletins and public sources, the following products are affected:
- AMD Athlon 3000 Series Mobile Processors with Radeon Graphics
- AMD Radeon Instinct Mi25 Graphics Products
Affected driver versions are not exhaustively listed in public sources, but AMD's advisories AMD-SB-5007 and AMD-SB-6018 cover embedded and graphics products respectively. Users should consult these bulletins for the most current affected version information.
Vendor Security History
AMD has previously addressed vulnerabilities in both graphics and processor components, including memory corruption and privilege escalation issues. The company publishes regular security bulletins and typically provides driver updates in response to reported vulnerabilities. The graphics driver stack has seen recurring issues related to memory safety, reflecting the complexity and performance demands of this software layer.