CVE-2024-36323: VCN-JPEG Hardware Privilege Escalation

CVE-2024-36323 Overview

CVE-2024-36323 is a hardware isolation flaw affecting AMD Video Core Next (VCN) JPEG cores. The vulnerability stems from improper isolation of VCN-JPEG hardware register space between guest virtual machines or processes. A malicious guest VM or local process can access register space belonging to a victim VM or process assigned to the JPEG cores. This unauthorized access enables arbitrary read and write operations against victim data.

The issue is tracked under [CWE-284: Improper Access Control] and is documented in AMD Security Bulletin #6027.

Critical Impact

A local attacker with low privileges can break VM-to-VM and process-to-process isolation boundaries on affected AMD GPU hardware, gaining arbitrary read/write access to victim data through shared JPEG core register space.

Affected Products

• AMD GPU products implementing VCN-JPEG cores (see AMD Security Bulletin #6027 for specific model and driver versions)
• Virtualized environments using AMD GPU SR-IOV with VCN-JPEG acceleration
• Multi-tenant systems sharing JPEG decode/encode acceleration across guest VMs

Discovery Timeline

• 2026-05-15 - CVE-2024-36323 published to NVD
• 2026-05-15 - Last updated in NVD database

Technical Details for CVE-2024-36323

Vulnerability Analysis

The vulnerability resides in the hardware register space management for AMD's VCN-JPEG cores. These cores accelerate JPEG encode and decode operations and can be assigned to guest VMs or user processes in virtualized GPU deployments. The hardware fails to enforce strict isolation between the register spaces assigned to different tenants.

An attacker operating within one guest VM or process can issue register accesses that reach register space allocated to a victim tenant. This breaks the security boundary that virtualization and process isolation are expected to provide. Because the JPEG cores process image data on behalf of the assigned tenant, the attacker gains a path to arbitrary read and write access to victim data flowing through those cores.

The weakness maps to [CWE-284: Improper Access Control] and impacts confidentiality, integrity, and availability of co-tenant workloads.

Root Cause

The root cause is missing or insufficient access control enforcement on VCN-JPEG hardware register space. The hardware design or firmware does not validate that register accesses originate from the tenant that owns the targeted JPEG core registers. Without strict per-tenant register access checks, cross-tenant access becomes possible whenever multiple VMs or processes share the JPEG subsystem.

Attack Vector

Exploitation requires local access with low privileges on the host or within a co-located guest VM that has been assigned access to the GPU. The attacker does not need user interaction but must run code with sufficient access to issue commands to the GPU and reach VCN-JPEG register space. The vector is local rather than network-reachable, but the impact crosses tenant boundaries in multi-tenant cloud and virtualization deployments.

No public proof-of-concept exploit is available for CVE-2024-36323, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Refer to the AMD Security Bulletin #6027 for vendor-specific technical details.

Detection Methods for CVE-2024-36323

Indicators of Compromise

• Unexpected GPU register access patterns from guest VMs targeting JPEG core MMIO ranges outside their assigned allocation
• Anomalous JPEG workload submissions from processes that do not normally use VCN-JPEG acceleration
• Unexplained data corruption or content leakage in JPEG-processed media originating from co-tenant workloads

Detection Strategies

• Audit hypervisor and GPU driver logs for register access violations or unexpected VCN-JPEG access requests from guest VMs
• Monitor AMD GPU driver telemetry and dmesg output for warnings related to VCN-JPEG register access or SR-IOV partitioning
• Inventory all hosts running affected AMD GPU hardware and correlate with current driver and firmware versions against the AMD advisory

Monitoring Recommendations

• Track GPU driver and firmware versions across the fleet and alert on hosts lagging behind the patched baseline from AMD Security Bulletin #6027
• Log and review VM-to-GPU assignment events, particularly in multi-tenant virtualization platforms using AMD SR-IOV
• Establish baselines for VCN-JPEG utilization per tenant and alert on workloads accessing the JPEG subsystem outside expected patterns

How to Mitigate CVE-2024-36323

Immediate Actions Required

• Identify all systems with AMD GPUs that expose VCN-JPEG cores to guest VMs or untrusted processes
• Apply the firmware and driver updates referenced in AMD Security Bulletin #6027 as soon as they are available for your platform
• Restrict local access to affected hosts and review which tenants share GPU resources on multi-tenant infrastructure

Patch Information

AMD has published remediation guidance in AMD Security Bulletin #6027. Administrators should consult the bulletin for the specific GPU models, driver versions, and firmware revisions that address the VCN-JPEG isolation flaw. Apply updates through the vendor channel appropriate to the deployment, whether bare-metal driver packages, hypervisor vendor updates, or cloud provider maintenance windows.

Workarounds

• Disable VCN-JPEG acceleration passthrough to untrusted guest VMs where the workload does not require GPU JPEG offload
• Avoid co-locating sensitive workloads with untrusted tenants on the same physical GPU until firmware and driver patches are deployed
• Where possible, dedicate affected GPUs to a single tenant to eliminate cross-tenant register space sharing

# Identify AMD GPU devices and current driver/firmware versions
lspci -nn | grep -i amd
cat /sys/kernel/debug/dri/0/amdgpu_firmware_info 2>/dev/null
modinfo amdgpu | grep -E '^(version|firmware)'

# Review GPU passthrough assignments in libvirt environments
virsh nodedev-list --cap pci | grep -i amd
virsh dumpxml <vm-name> | grep -A2 hostdev