SARA / Free Tools / CVE / CVE-2024-36353

CVE-2024-36353 — Insufficient clearing of GPU global memory could allow a malicious process runni

Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality.

CVSS
6.5 MEDIUM
EPSS
4.00% (top 88.50%)
CWE
CWE-459
Published
2025-03-02T17:33:11.636Z
Last modified
2025-10-14T17:36:48.115Z
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

01What is this vulnerability?

Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality.

02Affected products

VendorProductVersions
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsRadeon Software For Linux 25.10.1
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsRadeon Software For Linux 25.10.1
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsRadeon Software For Linux 25.10.1
AMDAMD Ryzen™ 7040 Series Mobile Processors with Radeon™ GraphicsRadeon Software For Linux 25.10.1
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsRadeon Software For Linux 25.10.1
AMDAMD Ryzen™ 7045 Series Mobile Processors with Radeon™ GraphicsRadeon Software For Linux 25.10.1
AMDAMD Ryzen™ 7000 Series Desktop ProcessorRadeon Software For Linux 25.10.1
AMDAMD Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsRadeon Software For Linux 25.10.1
AMDAMD Ryzen™ 7030 Series Mobile Processors with Radeon™ GraphicsRadeon Software For Linux 25.10.1
AMDAMD Ryzen™ 9000HX Series ProcessorsRadeon Software For Linux 25.10.1
AMDAMD Ryzen™ AI Max 300 Series ProcessorsRadeon Software For Linux 25.10.1
AMDAMD Ryzen™ Z2 Series Processors ExtremeRadeon Software For Linux 25.10.1
AMDAMD Ryzen™ 7035 Series Processors with Radeon™ GraphicsRadeon Software For Linux 25.10.1
AMDAMD Ryzen™ 4000 Series Desktop ProcessorsRadeon Software For Linux 25.10.1
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsRadeon Software For Linux 25.10.1
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsRadeon Software For Linux 25.10.1
AMDAMD Ryzen™ 9000 Series Desktop ProcessorsRadeon Software For Linux 25.10.1
AMDRyzen™ Embedded R1000Kernel 6.12.25 LTS
AMDRyzen™ Embedded R2000Kernel 6.12.25 LTS
AMDAMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Raven Ridge")Kernel 6.12.25 LTS
AMDRyzen™ Embedded V2000Kernel 6.12.25 LTS
AMDRyzen™ Embedded V3000Kernel 6.12.25 LTS
AMDAMD Ryzen Embedded V2000A Series ProcessorsKernel 6.12.25 LTS
AMDAMD Radeon™ RX 5000/PRO W5000 Series Graphics ProductsRadeon Software For Linux 25.10.1
AMDAMD Radeon™ RX6000/PRO W6000 Series Graphics ProductsRadeon Software For Linux 25.10.1
AMDAMD Radeon™ RX 7000/PRO W7000 Series Graphics ProductsRadeon Software For Linux 25.10.1
AMDAMD Radeon™ PRO V520Contact your AMD Customer Engineering representative
AMDAMD Radeon™ PRO V620Contact your AMD Customer Engineering representative
AMDAMD Radeon™ PRO V710Contact your AMD Customer Engineering representative

03Active exploitation status

Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.

04Recommended remediation

05Technical details

For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.

06Detection signatures

Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:

Open in Sigma generator →

07Related CVEs

No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.

08Timeline

09References

Want this in your SOAR or SIEM?
SARA's API returns EPSS, CVSS, KEV, and an analyst-grade summary in one call.
Read the API reference →
EPSS detail → Search KEV → Ask SARA →