CVE-2024-36332: CWE-1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC) in AMD AMD Radeon™ PRO V710
Improper isolation of GPU HW register space could allow a privileged attacker in malicious Guest Virtual Machine (VM) to perform unauthorized access to specific victim range of GPU MMIO register space, potentially causing the host OS to reboot and creating a Denial of Service (DOS) condition.
AI Analysis
Technical Summary
This vulnerability involves improper isolation of the GPU hardware register space on the AMD Radeon™ PRO V710, enabling a privileged attacker in a guest VM to access GPU MMIO registers outside their authorized range. Such unauthorized access can lead to a host OS reboot and denial of service. The CVSS 4.0 vector indicates local attack vector with low complexity, requiring privileged access but no user interaction. No remediation level or patch information is currently available from AMD, and the product is not a cloud service.
Potential Impact
An attacker with privileged access inside a guest VM can cause the host OS to reboot by accessing GPU MMIO registers improperly isolated by the hardware. This leads to a denial of service condition affecting system availability. There is no indication of data confidentiality or integrity compromise. No known exploits have been reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, limit privileged access within guest VMs and monitor for unusual system reboots related to GPU activity. No official remediation or temporary fix has been provided by AMD at this time.
CVE-2024-36332: CWE-1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC) in AMD AMD Radeon™ PRO V710
Description
Improper isolation of GPU HW register space could allow a privileged attacker in malicious Guest Virtual Machine (VM) to perform unauthorized access to specific victim range of GPU MMIO register space, potentially causing the host OS to reboot and creating a Denial of Service (DOS) condition.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves improper isolation of the GPU hardware register space on the AMD Radeon™ PRO V710, enabling a privileged attacker in a guest VM to access GPU MMIO registers outside their authorized range. Such unauthorized access can lead to a host OS reboot and denial of service. The CVSS 4.0 vector indicates local attack vector with low complexity, requiring privileged access but no user interaction. No remediation level or patch information is currently available from AMD, and the product is not a cloud service.
Potential Impact
An attacker with privileged access inside a guest VM can cause the host OS to reboot by accessing GPU MMIO registers improperly isolated by the hardware. This leads to a denial of service condition affecting system availability. There is no indication of data confidentiality or integrity compromise. No known exploits have been reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, limit privileged access within guest VMs and monitor for unusual system reboots related to GPU activity. No official remediation or temporary fix has been provided by AMD at this time.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- AMD
- Date Reserved
- 2024-05-23T19:44:44.387Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a068dbfec166c07b09ac975
Added to database: 5/15/2026, 3:06:39 AM
Last enriched: 5/15/2026, 3:23:23 AM
Last updated: 5/16/2026, 6:26:47 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.