CVE-2024-36328
📋 TL;DR
An integer overflow vulnerability in AMD's NPU (Neural Processing Unit) driver allows a local attacker to write to out-of-bounds memory. This could lead to system crashes, privilege escalation, or arbitrary code execution. It affects systems with AMD NPU hardware and vulnerable driver versions.
💻 Affected Systems
- AMD NPU Driver
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation leading to full system compromise, kernel memory corruption, or persistent denial of service.
Likely Case
System instability, crashes, or denial of service affecting the NPU functionality and potentially the entire system.
If Mitigated
Limited to denial of service or application crashes if proper isolation and privilege separation are implemented.
🎯 Exploit Status
Exploitation requires local access and understanding of driver internals. No public exploit code known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to AMD security bulletin for specific patched driver versions.
Vendor Advisory: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html
Restart Required: Yes
Instructions:
1. Visit the AMD security bulletin.
2. Identify the affected driver version for your system.
3. Download and install the latest NPU driver from AMD's official website.
4. Reboot the system to apply changes.
🔧 Temporary Workarounds
Disable AMD NPU functionality
Linux: Temporarily disable the NPU driver to prevent exploitation until patching is possible.
sudo modprobe -r amd_npu_driver
echo 'blacklist amd_npu_driver' | sudo tee /etc/modprobe.d/blacklist-amd-npu.conf
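To confirm the workaround above actually took effect, the following added example (not from AMD or from this page's original content) checks that the module is unloaded and that a blacklist entry exists. It takes the module name `amd_npu_driver` from this page; the function names and the `--audit` switch are assumptions made for the example. A `blacklist` line only stops automatic loading by alias, so the script also warns when no `install` override is present.

```shell
#!/bin/sh
# Added example: audit whether the NPU-driver workaround is in effect.
# MODULE is the module name given on this page; file paths are parameters
# so the checks can be run against constructed test files.
MODULE="${MODULE:-amd_npu_driver}"

# module_loaded FILE NAME -> 0 if NAME is listed in a /proc/modules-style file
module_loaded() {
    awk -v m="$2" '$1 == m { found = 1 } END { exit !found }' "$1"
}

# has_directive DIR NAME KEYWORD -> 0 if any DIR/*.conf has "KEYWORD NAME".
# Commented-out lines do not match: the first field must equal KEYWORD.
has_directive() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        awk -v m="$2" -v k="$3" \
            '$1 == k && $2 == m { found = 1 } END { exit !found }' "$f" && return 0
    done
    return 1
}

# audit PROC_MODULES CONF_DIR -> prints findings, returns the number of failures
audit() {
    problems=0
    if module_loaded "$1" "$MODULE"; then
        echo "FAIL: $MODULE is still loaded (modprobe -r did not succeed)"
        problems=$((problems + 1))
    fi
    if ! has_directive "$2" "$MODULE" blacklist; then
        echo "FAIL: no 'blacklist $MODULE' entry in $2"
        problems=$((problems + 1))
    fi
    if ! has_directive "$2" "$MODULE" install; then
        echo "WARN: no 'install $MODULE /bin/false' override;" \
             "an explicit modprobe can still load the module"
    fi
    [ "$problems" -eq 0 ] && echo "OK: workaround in effect for $MODULE"
    return "$problems"
}

# Run against the live system only when asked: sh check.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit /proc/modules /etc/modprobe.d
    exit $?
fi
```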
🧯 If You Can't Patch
- Restrict local user access to systems with vulnerable drivers to trusted personnel only.
- Implement strict privilege separation and monitor for unusual system behavior or crashes.
🔍 How to Verify
Check if Vulnerable:
Check installed AMD NPU driver version against the vulnerable versions listed in AMD's security bulletin.
Check Version:
On Linux: 'modinfo amd_npu_driver | grep version' or check driver version in system logs/package manager.
Verify Fix Applied:
Verify the driver version has been updated to a patched version after applying the update.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- Driver crash logs (dmesg)
- System instability reports
Network Indicators:
- None - local exploit only
SIEM Query:
Search for 'amd_npu_driver' crash events or unexpected system reboots on hosts with AMD NPU hardware.