CVE-2024-36324
Published: 11 February 2026
Summary
CVE-2024-36324 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in AMD (vendor inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the 5.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2024-36324 is an improper input validation vulnerability in the AMD Graphics Driver, mapped to CWE-787 (Out-of-bounds Write). Published on 2026-02-11, it enables an attacker to supply a specially crafted pointer, potentially resulting in arbitrary code execution. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), reflecting its high severity due to local attack vector, low complexity, and significant impacts across confidentiality, integrity, and availability.
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. The changed scope (S:C) allows the exploit to affect components beyond the vulnerable driver, achieving high-impact arbitrary code execution that could lead to full system compromise, privilege escalation, or persistent access.
AMD has published security bulletin AMD-SB-6024 at https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html, which details affected products and provides guidance on mitigations or patches. Security practitioners should consult this advisory for specific remediation steps.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-55400
Vulnerability details
Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution.
- CWE(s): CWE-787 (Out-of-bounds Write)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local out-of-bounds write in kernel driver directly enables exploitation for privilege escalation to arbitrary code execution and full system compromise.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires validation of inputs such as specially crafted pointers to prevent out-of-bounds writes in the AMD Graphics Driver.
Implements memory protections that mitigate arbitrary code execution from out-of-bounds writes exploited via invalid pointers.
Mandates timely flaw remediation through patching as detailed in AMD-SB-6024 to eliminate the improper input validation vulnerability.