CVE-2024-36332 Overview
CVE-2024-36332 is a hardware isolation vulnerability in AMD GPU memory-mapped I/O (MMIO) register space. A privileged attacker operating inside a malicious guest virtual machine (VM) can access a specific victim range of GPU MMIO registers that should remain isolated from guest contexts. The unauthorized access can force the host operating system to reboot, producing a denial of service (DoS) condition that affects every workload on the hypervisor. The issue is tracked under CWE-1189: Improper Isolation of Shared Resources on System-on-a-Chip and documented in AMD Security Bulletin #6027.
Critical Impact
A privileged guest VM user can crash and reboot the host hypervisor, taking down all co-tenant virtual machines on the affected server.
Affected Products
- AMD GPUs exposing MMIO register space to virtualized guests (see AMD Security Bulletin #6027)
- Hypervisor hosts running GPU passthrough or SR-IOV configurations using affected AMD GPU hardware
- Multi-tenant virtualization environments relying on GPU partitioning for guest workloads
Discovery Timeline
- 2026-05-15 - CVE-2024-36332 published to NVD
- 2026-05-15 - Last updated in NVD database
Technical Details for CVE-2024-36332
Vulnerability Analysis
The flaw stems from incomplete isolation between guest-accessible and host-reserved GPU MMIO register regions. When a GPU is shared with or passed through to a guest VM, the hardware and its supporting software must partition the register space so that guest writes cannot touch host-controlled state. In affected configurations, a specific range of MMIO registers reserved for host use remains reachable from inside the guest. A privileged user in the guest VM, such as a root or administrator account, can issue register accesses that destabilize the GPU and cascade into a host kernel fault. The result is a forced host reboot rather than a contained guest crash, breaking the tenant isolation boundary that virtualization is expected to provide.
Root Cause
The root cause is improper isolation of shared hardware resources [CWE-1189]. The GPU register filtering logic, implemented in hardware or in the host-side virtualization driver, fails to block guest access to a victim subrange of MMIO addresses. Because MMIO writes operate at the device level, malformed values propagate directly into device state without mediation by the host OS, bypassing software access controls.
Attack Vector
Exploitation requires local access with low privileges inside the guest VM. The attacker does not need user interaction on the host and does not need network access. From within the guest, the attacker maps or otherwise accesses the exposed MMIO range and writes values that trigger an unrecoverable GPU or host state. The impact is limited to availability: no confidentiality or integrity loss is reported in the advisory. No public proof-of-concept exploit is currently available, and the issue is not listed on the CISA Known Exploited Vulnerabilities catalog.
No verified exploitation code is available. Refer to the AMD Security Bulletin #6027 for vendor-supplied technical detail.
Detection Methods for CVE-2024-36332
Indicators of Compromise
- Unexpected host reboots or kernel panics on hypervisors with AMD GPU passthrough or SR-IOV configurations.
- GPU driver errors, PCIe AER (Advanced Error Reporting) events, or MMIO bus faults logged immediately before host failure.
- Repeated host instability correlated with activity from a single guest VM that has privileged GPU access.
Detection Strategies
- Correlate hypervisor crash dumps and dmesg output with GPU driver fault signatures and PCIe error events.
- Monitor guest VM workloads for unusual direct MMIO access patterns to GPU BAR (Base Address Register) regions.
- Track host uptime metrics per hypervisor and alert on unplanned reboots that coincide with guest GPU workload changes.
Monitoring Recommendations
- Forward hypervisor kernel logs, IOMMU events, and GPU driver telemetry to a centralized log platform for retention and correlation.
- Alert on PCIe AER fatal errors and GPU reset events on hosts running AMD GPUs assigned to guests.
- Maintain an inventory of which guest VMs have privileged GPU passthrough to scope investigation quickly after a host crash.
How to Mitigate CVE-2024-36332
Immediate Actions Required
- Apply firmware and driver updates referenced in AMD Security Bulletin #6027 on all affected hypervisors.
- Audit which guest VMs have GPU passthrough or SR-IOV access and restrict privileged accounts inside those guests to trusted operators.
- Isolate sensitive workloads onto hypervisors that are not shared with untrusted tenants holding GPU access.
Patch Information
AMD has published guidance in Security Bulletin #6027. Administrators should consult the bulletin for the specific firmware versions, GPU models, and driver builds that contain the isolation fix, and schedule rollout across hypervisor fleets running AMD GPU virtualization.
Workarounds
- Disable GPU passthrough and SR-IOV for guest VMs on affected hosts until vendor updates are deployed.
- Limit GPU-enabled VMs to single-tenant hosts so that a host reboot does not affect unrelated tenants.
- Restrict administrative privileges inside guest VMs that retain GPU access to reduce the population of users able to reach MMIO registers.
# Example: list PCI devices assigned to guests and identify AMD GPUs on a Linux/KVM host
lspci -nn | grep -i -E 'amd|ati'
virsh nodedev-list --tree | grep -i pci
# Detach a GPU from guest passthrough until patched
virsh detach-device <guest-name> /path/to/gpu-hostdev.xml --persistent
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
