CVE-2024-36319

MEDIUM

AMD's Video Decoder Engine Firmware - Code Injection

Title source: llm

Description

Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system.

References (1)

Core 1

Core References

Vendor Advisory

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html

Scores

CVSS v4 6.3

EPSS 0.0001

EPSS Percentile 1.8%

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1191

Status published

Products (14)

AMD/AMD Instinct™ MI300A ROCm 6.2.4

AMD/AMD Instinct™ MI300X ROCm 6.2.4

AMD/AMD Instinct™ MI308X ROCm 6.2.4

AMD/AMD Instinct™ MI325X ROCm 6.2.4

AMD/AMD Radeon™ PRO V710 Contact your AMD Customer Engineering representative

AMD/AMD Radeon™ PRO W7000 Series Graphics Products 25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2(25.10.10), Radeon Software For Linux 25.10.1

AMD/AMD Radeon™ RX 7000 Series Graphics Products 25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2(25.10.10), Radeon Software For Linux 25.10.1

AMD/AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics; AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2

AMD/AMD Ryzen™ 8000 Series Desktop Processors AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2

AMD/AMD Ryzen™ AI 300 Series Processors AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2

... and 4 more

Published Feb 12, 2026

Tracked Since Feb 18, 2026