CVE-2024-36337
📋 TL;DR
An integer overflow vulnerability in AMD NPU (Neural Processing Unit) Driver allows a local attacker to write out of bounds in kernel memory. This could lead to privilege escalation, system crashes, or arbitrary code execution. Affects systems with AMD NPU hardware and vulnerable driver versions.
💻 Affected Systems
- AMD NPU Driver
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains kernel-level privileges, executes arbitrary code, and achieves full system compromise including data theft, persistence, and lateral movement.
Likely Case
Local attacker causes system instability, denial of service, or limited privilege escalation depending on exploit sophistication.
If Mitigated
With the patched driver installed and the device interface restricted to trusted local users, the realistic impact is at most a crash (denial of service) caused by a user who already holds device access, or no exploitation at all if untrusted users cannot open the driver interface.
🎯 Exploit Status
Requires local access and the ability to submit requests to the driver interface; turning the integer overflow into a controlled out-of-bounds write rather than a crash requires precise control of the overflowing size value and of the memory layout around the target.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check AMD advisory for specific patched driver versions
Vendor Advisory: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html
Restart Required: Yes
Instructions:
1. Visit AMD security advisory SB-7037 (link above).
2. Download the latest NPU driver for your OS and platform.
3. Install the update following the vendor instructions.
4. Reboot the system.
🔧 Temporary Workarounds
Disable NPU Driver
Linux: unload the driver module and blacklist it if NPU functionality is not required. The module name amd_npu_driver is a placeholder used on this page; substitute the name that lsmod shows on your system (the upstream Linux NPU driver in drivers/accel is called amdxdna, but check the advisory for which driver builds are affected). A blacklist entry only stops alias-based autoloading; to block explicit loads as well, add an install line for the module that maps it to /bin/false in the same file.
sudo modprobe -r amd_npu_driver
echo 'blacklist amd_npu_driver' | sudo tee /etc/modprobe.d/blacklist-amd-npu.conf
Restrict Driver Access
Linux: restrict the driver's device node so that only root can open it. The /dev/amd_npu* path is a placeholder from this page; the upstream amdxdna driver registers its node under /dev/accel/, so use the node your driver actually creates. Root ownership plus mode 0600 is sufficient on its own (an ACL granting root read/write adds nothing). Permissions set with chmod do not survive the node being recreated on reboot or driver reload, so persist them with a udev rule if the workaround must outlast the session, and confirm the result with ls -l.
sudo chown root:root /dev/amd_npu*
sudo chmod 600 /dev/amd_npu*
🧯 If You Can't Patch
- Implement strict access controls to limit local user privileges
- Monitor system logs for unusual driver activity or crash reports
🔍 How to Verify
Check if Vulnerable:
Confirm that an AMD NPU driver is present and loaded (Linux: lsmod; Windows: Device Manager), then compare its version with the fixed version listed in AMD-SB-7037.
Check Version:
Linux: modinfo amd_npu_driver | grep version (amd_npu_driver is a placeholder; use the module name lsmod shows, which for the upstream Linux driver is amdxdna); Windows: open the NPU device in Device Manager and read the version from the Driver tab.
Verify Fix Applied:
Confirm that the installed driver version is equal to or newer than the fixed version in the advisory, and that the system has been rebooted so the updated driver is the one actually loaded.
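As an added example (not part of this page or of AMD's advisory), the POSIX shell script below automates the Linux check: it looks for the NPU module in lsmod output, reads the version field from modinfo output and compares it with a fixed version using a field-by-field dotted-version comparison, so 1.10 is correctly treated as newer than 1.9. The module name amdxdna, the illustrative fixed version 1.2.0 and the embedded lsmod/modinfo text are assumptions; take the real module name and fixed version from AMD-SB-7037 and from your own system.

```shell
#!/bin/sh
# Added example, not the page's or AMD's script. Checks whether an NPU kernel
# module is loaded and compares its reported version with a fixed version.
# Assumptions (placeholders, override via the environment):
#   NPU_MODULE        module name; upstream Linux ships the NPU driver as
#                     "amdxdna", the page's "amd_npu_driver" is a placeholder
#   NPU_FIXED_VERSION minimum fixed version; 1.2.0 is illustrative only,
#                     take the real value from AMD-SB-7037
NPU_MODULE="${NPU_MODULE:-amdxdna}"
NPU_FIXED_VERSION="${NPU_FIXED_VERSION:-1.2.0}"

# version_ge A B: exit 0 when dotted-numeric version A >= B
# (1.10 > 1.9; missing trailing fields count as 0, so 1.2 == 1.2.0)
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p > q) exit 0
            if (p < q) exit 1
        }
        exit 0
    }'
}

# module_loaded NAME: reads lsmod output on stdin, exit 0 if NAME is listed
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# module_version: reads modinfo output on stdin and prints the "version:"
# field (empty when the module carries no MODULE_VERSION)
module_version() {
    awk '$1 == "version:" { print $2; exit }'
}

# assess LSMOD_TEXT MODINFO_TEXT MODULE FIXED: prints one of
# not-loaded | unknown | vulnerable | fixed
assess() {
    if ! printf '%s\n' "$1" | module_loaded "$3"; then
        echo not-loaded; return 0
    fi
    v=$(printf '%s\n' "$2" | module_version)
    if [ -z "$v" ]; then
        echo unknown; return 0       # loaded, but no version to compare
    fi
    if version_ge "$v" "$4"; then echo fixed; else echo vulnerable; fi
}

# Constructed sample output (not captured from a real machine)
SAMPLE_LSMOD='Module                  Size  Used by
amdxdna               180224  0
amdgpu              12345678  12'
SAMPLE_MODINFO='filename:       /lib/modules/6.14.0/kernel/drivers/accel/amdxdna/amdxdna.ko
version:        1.1.0
license:        GPL'

if [ "${NPU_CHECK_LIVE:-0}" = 1 ]; then
    # Live mode: query this host (lsmod and modinfo must be on PATH)
    assess "$(lsmod)" "$(modinfo "$NPU_MODULE" 2>/dev/null)" "$NPU_MODULE" "$NPU_FIXED_VERSION"
else
    # Offline demo on the constructed sample: prints "vulnerable" (1.1.0 < 1.2.0)
    assess "$SAMPLE_LSMOD" "$SAMPLE_MODINFO" amdxdna "$NPU_FIXED_VERSION"
fi
```

Run NPU_CHECK_LIVE=1 NPU_FIXED_VERSION=<version from the advisory> sh check_npu.sh on the host to assess the live system; without NPU_CHECK_LIVE it runs against the embedded sample. A module that carries no MODULE_VERSION reports unknown, in which case fall back to the driver package version reported by your package manager or vendor installer.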
📡 Detection & Monitoring
Log Indicators:
- Kernel panic/crash logs
- Driver load/unload events
- Permission-denied errors reported by NPU client software (the kernel itself does not log failed opens of a device node; they appear in the application's logs, or in auditd if the node is under a watch)
Network Indicators:
- None - local exploitation only
SIEM Query (pseudo-syntax; group the AND/OR terms explicitly and adapt field names and operators to your platform):
(source='kernel' AND (message CONTAINS 'amd_npu' OR message CONTAINS 'amdxdna') AND (message CONTAINS 'panic' OR message CONTAINS 'Oops' OR message CONTAINS 'BUG:'))
OR (EventLog='System' AND (EventID=6008 OR (EventID=1001 AND Source='BugCheck')))
Windows Event ID 6008 only records that the previous shutdown was unexpected; correlate it with the BugCheck event (ID 1001 in the System log) to obtain the bugcheck code and dump path before attributing the crash to the NPU driver. Matching the bare string 'NPU' is too noisy to keep in the query.
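The log indicators above are noisy when taken one line at a time: the kernel's BUG:/Oops/panic lines rarely name a module, and the stack-trace lines that name the module do not contain a crash keyword. As an added example (not from this page or from AMD), the shell script below correlates the two within a window of lines of journalctl -k style output, so only crash dumps whose trace or immediately preceding messages mention the NPU driver are reported, and a dump that spans several marker lines counts as one event. The driver-name pattern, the window size, and the sample log lines (including the function names and addresses in them) are constructed assumptions.

```shell
#!/bin/sh
# Added example, not the page's or AMD's detection content. Correlates kernel
# crash markers (BUG:, Oops, panic, ...) with mentions of the NPU driver within
# a window of log lines, so a crash is attributed to the driver only when the
# driver appears in the same dump. Placeholder (override via the environment):
#   NPU_DRIVER_PATTERN  lowercase ERE for the driver; "amdxdna" is the upstream
#                       Linux module, "amd_npu" is this page's placeholder name
NPU_DRIVER_PATTERN="${NPU_DRIVER_PATTERN:-amdxdna|amd_npu}"
# Lowercase ERE for lines that open or continue a kernel crash dump
NPU_CRASH_PATTERN='bug: |oops|kernel panic|general protection fault|kasan'

# npu_crash_events [WINDOW]: reads kernel log text on stdin and prints one
# line per crash event in which the driver was mentioned within WINDOW lines
# (default 10) before or after a crash marker. Consecutive crash markers
# within WINDOW lines of each other are treated as one event.
npu_crash_events() {
    awk -v drv="$NPU_DRIVER_PATTERN" -v kw="$NPU_CRASH_PATTERN" -v win="${1:-10}" '
    function flush() {
        if (ev_open && ev_attr)
            print "npu-crash-event first_line=" ev_start ": " ev_text
        ev_open = 0; ev_attr = 0
    }
    {
        low = tolower($0)
        is_kw = (low ~ kw); is_drv = (low ~ drv)
        if (is_kw) {
            if (ev_open && NR - ev_last <= win) {
                ev_last = NR                   # same dump, extend it
            } else {
                flush()                        # close the previous event
                ev_open = 1; ev_start = NR; ev_last = NR; ev_text = $0
                # driver mentioned shortly before the crash marker?
                ev_attr = (last_drv > 0 && NR - last_drv <= win)
            }
        }
        if (is_drv) {
            last_drv = NR
            # driver mentioned inside or just after the current dump?
            if (ev_open && NR - ev_last <= win) ev_attr = 1
        }
    }
    END { flush() }'
}

# npu_crash_count [WINDOW]: number of driver-attributed crash events on stdin
npu_crash_count() {
    npu_crash_events "$1" | wc -l | tr -d ' '
}

# Constructed sample kernel log (journalctl -k style), not a real capture;
# the function names and addresses are made up.
SAMPLE_KLOG='Jun 10 09:12:01 host kernel: amdgpu 0000:c5:00.0: firmware loaded
Jun 10 09:12:02 host kernel: usb 1-3: new high-speed USB device number 4
Jun 10 11:40:17 host kernel: BUG: unable to handle page fault for address: ffffc90001234000
Jun 10 11:40:17 host kernel: Oops: 0002 [#1] PREEMPT SMP
Jun 10 11:40:17 host kernel: RIP: 0010:npu_ioctl_handler+0x1a2/0x2f0 [amdxdna]
Jun 10 11:40:17 host kernel: Call Trace:
Jun 10 11:40:17 host kernel: Kernel panic - not syncing: Fatal exception
Jun 10 11:41:00 host kernel: nvme nvme0: I/O timeout'

# Same shape, but the dump points at a different module: must not be flagged
SAMPLE_KLOG_OTHER='Jun 11 08:00:00 host kernel: BUG: kernel NULL pointer dereference, address: 0000000000000010
Jun 11 08:00:00 host kernel: Oops: 0000 [#1] PREEMPT SMP
Jun 11 08:00:00 host kernel: RIP: 0010:nvme_queue_rq+0x12/0x40 [nvme]
Jun 11 08:00:00 host kernel: Call Trace:'

if [ "${NPU_LOG_LIVE:-0}" = 1 ]; then
    journalctl -k --no-pager | npu_crash_events          # live: this host's kernel log
else
    printf '%s\n' "$SAMPLE_KLOG" | npu_crash_events       # prints one event (first_line=3)
    printf '%s\n' "$SAMPLE_KLOG_OTHER" | npu_crash_events # prints nothing
fi
```

Run NPU_LOG_LIVE=1 sh detect_npu_crash.sh on the host to scan the current boot's kernel log, or pipe saved journalctl -k output into npu_crash_events from a shell that has sourced the script. The window is the knob to tune: too small and a long stack trace separates the marker from the module name, too large and an unrelated NPU message preceding a crash gets the blame.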