CVE-2024-36339: CWE-276 Incorrect Default Permissions in AMD Optimizing CPU Libraries (AOCL)

Severity: High
Published: Tue May 13 2025 (05/13/2025, 16:56:41 UTC)
Source: CVE
Vendor/Project: AMD
Product: AMD Optimizing CPU Libraries (AOCL)

Description

A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

AI-Powered Analysis

Last updated: 07/04/2025, 17:27:58 UTC

Technical Analysis

CVE-2024-36339 is a high-severity vulnerability classified under CWE-276 (Incorrect Default Permissions) affecting the AMD Optimizing CPU Libraries (AOCL). The vulnerability arises from improper default permissions on DLL files used by AOCL, which can be exploited through DLL hijacking. In this attack, an adversary places a malicious DLL with the same name as a legitimate one in a location that is searched before the legitimate DLL, causing the system to load the malicious DLL instead. This can lead to privilege escalation, allowing an attacker with limited privileges to execute arbitrary code with elevated rights. The CVSS 3.1 base score of 7.3 reflects the high impact on confidentiality, integrity, and availability, with a local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), and user interaction required (UI:R). The scope is unchanged (S:U), meaning the vulnerability affects components within the same security scope. Although no known exploits are currently reported in the wild, the potential for privilege escalation and arbitrary code execution makes this a significant threat, especially on systems using AMD CPUs with AOCL installed. The lack of specified affected versions suggests that the vulnerability may impact multiple or all versions of AOCL until patched. The absence of patch links indicates that a fix may not yet be publicly available or is pending release.

Potential Impact

For European organizations, this vulnerability poses a serious risk, particularly in environments where AMD CPUs and AOCL are deployed, such as enterprise servers, workstations, and high-performance computing clusters. Successful exploitation could allow attackers to escalate privileges from a limited user account to higher system privileges, potentially leading to full system compromise. This could result in unauthorized access to sensitive data, disruption of critical services, and the deployment of persistent malware. Given the high confidentiality, integrity, and availability impacts, organizations handling sensitive personal data under GDPR, critical infrastructure, or intellectual property are at heightened risk. The requirement for local access and user interaction somewhat limits remote exploitation but does not eliminate the threat in scenarios involving insider threats, phishing, or compromised endpoints. The vulnerability could also be leveraged as part of multi-stage attacks to gain deeper footholds within networks.

Mitigation Recommendations

European organizations should implement the following specific mitigations:

1) Monitor AMD and AOCL vendor communications closely for official patches and apply them promptly once available.
2) Audit and restrict file system permissions on directories where AOCL DLLs reside to prevent unauthorized write access, ensuring only trusted administrators can modify these files.
3) Employ application whitelisting and code integrity policies to prevent loading of unauthorized DLLs.
4) Use endpoint detection and response (EDR) solutions to monitor for suspicious DLL loading behaviors indicative of hijacking attempts.
5) Educate users about the risks of executing untrusted applications or opening suspicious files that could trigger user interaction required for exploitation.
6) Implement the principle of least privilege to limit user rights and reduce the impact of potential privilege escalation.
7) Regularly review and harden local security policies and group policies to prevent unauthorized changes to system libraries and environment variables influencing DLL search order.
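
One way to carry out the permission audit in item 2, as an added example that is not AMD's or this page's own tooling: the script lists ACL entries that give principals outside a trusted set write-type rights on a library directory, its subdirectories and the DLLs in them. The install path is a placeholder because the page does not give AOCL's install location, and the trusted-principal list is an assumption to adjust per environment.

```powershell
# Added example: audit a library directory for ACL entries that let
# non-administrative principals create, replace or re-permission DLLs (CWE-276).
param(
    # Placeholder: the page does not state where AOCL is installed.
    [string]$LibraryPath = 'C:\Path\To\AOCL'
)

# Assumption: principals expected to hold write access, with names as they
# appear on English-language Windows. Anything else is reported.
$trusted = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller',
    'CREATOR OWNER'
)

# Only the bits that allow planting or replacing a file. Modify and FullControl
# are not used as masks because they also contain the read/execute bits.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$genericBits = 0x50000000   # GENERIC_WRITE | GENERIC_ALL, stored raw in some ACEs

# Check the directory itself, every subdirectory, and every DLL below it.
$targets = @(Get-Item -LiteralPath $LibraryPath) +
           @(Get-ChildItem -LiteralPath $LibraryPath -Recurse |
             Where-Object { $_.PSIsContainer -or $_.Extension -eq '.dll' })

$findings = foreach ($item in $targets) {
    foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        $rights = [int]$ace.FileSystemRights
        if ($rights -band ($writeBits -bor $genericBits)) {
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { Write-Output "No write access for untrusted principals under $LibraryPath" }
```

Entries marked as inherited are corrected on the parent directory that defines them rather than on the individual file.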

Technical Details

Data Version: 5.1
Assigner Short Name: AMD
Date Reserved: 2024-05-23T19:44:47.200Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0fa1484d88663aec094

Added to database: 5/20/2025, 6:59:06 PM

Last enriched: 7/4/2025, 5:27:58 PM

Last updated: 8/11/2025, 3:55:11 PM
