Vulnerabilities ›

CVE-2024-36333

High

CWE-427 — Weakness Type

                    Published: May 15, 2026                      ·  Modified: May 21, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

🤖 AI Executive Summary

CVE-2024-36333 is a DLL hijacking vulnerability in AMD Cleanup Utility affecting AMD Radeon Pro software that could enable privilege escalation and arbitrary code execution. With a CVSS score of 7.8 and no patch currently available, this poses a significant risk to organizations using AMD professional graphics solutions. The vulnerability requires local access but could allow attackers to execute code with elevated privileges on affected systems.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 20, 2026 07:01

🇸🇦 Saudi Arabia Impact Assessment

Saudi organizations most at risk include: (1) Government agencies and NCA-regulated entities using AMD Radeon Pro workstations for design/engineering; (2) Banking sector (SAMA-regulated) utilizing professional graphics for data visualization and risk modeling; (3) Energy sector (ARAMCO and affiliates) employing AMD Pro GPUs for simulation and modeling; (4) Telecommunications (STC, Mobily) using professional workstations; (5) Healthcare institutions with medical imaging and research departments; (6) Large enterprises in construction, architecture, and engineering sectors. The vulnerability's local access requirement limits exposure but poses significant risk in shared workstation environments common in Saudi corporate settings.

🏢 Affected Saudi Sectors

Government Banking and Financial Services Energy and Utilities Telecommunications Healthcare Engineering and Architecture Construction Manufacturing Research and Development

🎯 MITRE ATT&CK Techniques

T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder T1574.001 - Hijack Execution Flow: DLL Search Order Hijacking T1574.002 - Hijack Execution Flow: DLL Side-Loading T1548.002 - Abuse Elevation Control Mechanism: Bypass User Account Control T1548.004 - Abuse Elevation Control Mechanism: Elevated Execution with Prompt T1053.005 - Scheduled Task/Job: Scheduled Task T1204.001 - User Execution: Malicious Link T1204.002 - User Execution: Malicious File

⚖️ Saudi Risk Score (AI)

7.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Inventory all systems running AMD Cleanup Utility version 25.20.00.00 and AMD Radeon Pro software

2. Restrict local access to affected workstations to authorized personnel only

3. Disable or remove AMD Cleanup Utility if not actively required

4. Implement application whitelisting to prevent unauthorized DLL loading



Compensating Controls:

1. Apply principle of least privilege - ensure users do not run with administrative rights unnecessarily

2. Monitor and log DLL loading activities using Windows Event Viewer (Event ID 7 in Sysmon)

3. Implement AppLocker or Windows Defender Application Control (WDAC) policies to restrict DLL execution from suspicious locations

4. Use endpoint detection and response (EDR) solutions to detect DLL hijacking attempts

5. Restrict write permissions to system directories and application installation folders



Detection Rules:

1. Monitor for unsigned or suspicious DLL files in AMD installation directories

2. Alert on DLL loading from %TEMP%, %APPDATA%, or user-writable directories by AMD processes

3. Track process creation with elevated privileges initiated by AMD Cleanup Utility

4. Monitor registry modifications related to DLL search paths



Patching:

1. Check AMD's security advisories regularly for patch availability

2. Subscribe to AMD security notifications at amd.com/security

3. When patch becomes available, test in non-production environment before deployment

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. حصر جميع الأنظمة التي تعمل بأداة تنظيف AMD الإصدار 25.20.00.00 وبرنامج AMD Radeon Pro

2. تقييد الوصول المحلي إلى محطات العمل المتأثرة للموظفين المصرح لهم فقط

3. تعطيل أو إزالة أداة تنظيف AMD إذا لم تكن مطلوبة بنشاط

4. تطبيق قائمة بيضاء للتطبيقات لمنع تحميل DLL غير المصرح به

الضوابط التعويضية:

1. تطبيق مبدأ أقل امتياز - تأكد من عدم تشغيل المستخدمين بحقوق إدارية غير ضرورية

2. مراقبة وتسجيل أنشطة تحميل DLL باستخدام عارض أحداث Windows (معرف الحدث 7 في Sysmon)

3. تطبيق سياسات AppLocker أو Windows Defender Application Control (WDAC) لتقييد تنفيذ DLL من مواقع مريبة

4. استخدام حلول الكشف والاستجابة للنقاط النهائية (EDR) للكشف عن محاولات اختطاف DLL

5. تقييد أذونات الكتابة إلى مجلدات النظام ومجلدات تثبيت التطبيقات

قواعد الكشف:

1. مراقبة ملفات DLL غير الموقعة أو المريبة في مجلدات تثبيت AMD

2. تنبيه عند تحميل DLL من %TEMP% أو %APPDATA% أو مجلدات قابلة للكتابة من قبل عمليات AMD

3. تتبع إنشاء العمليات برامتيازات مرتفعة التي تبدأ بواسطة أداة تنظيف AMD

4. مراقبة تعديلات السجل المتعلقة بمسارات البحث عن DLL

التصحيح:

1. تحقق من نشرات أمان AMD بانتظام لتوفر التصحيحات

2. اشترك في إخطارات أمان AMD على amd.com/security

3. عند توفر التصحيح، اختبره في بيئة غير الإنتاج قبل النشر

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information security policies and procedures A.5.2.1 - User access management A.5.2.3 - Management of privileged access rights A.5.3.1 - Password management A.8.1.1 - User endpoint devices A.8.2.1 - Privileged access rights A.8.2.3 - Information access restriction A.8.3.1 - Cryptography A.8.3.2 - Cryptographic key management

🔵 SAMA CSF

ID.AM-2 - Software platforms and applications are inventoried PR.AC-1 - Identities and credentials are issued and managed securely PR.AC-3 - Access is managed through least privilege principles PR.AC-4 - Access rights and privileges are managed PR.DS-5 - Protections against data leakage are implemented DE.CM-1 - The network is monitored to detect potential cybersecurity events DE.CM-7 - Monitoring for unauthorized personnel, connections, devices, and software is performed

🟡 ISO 27001:2022

5.3 - Segregation of duties 6.5.1 - Information security in supplier relationships 8.1.1 - User endpoint devices 8.2.1 - User registration and de-registration 8.2.3 - Management of privileged access rights 8.3.1 - Information access control 8.3.2 - Access to networks and network services 8.3.4 - Restriction of information access 8.6.1 - Application security 8.7.1 - Cryptographic controls

🔗 References & Sources 1

🔗

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html

psirt@amd.com

Vendor Advisory

📦 Affected Products / CPE 3 entries

amd:radeon_software

amd:cleanup_utility:25.20.00.00

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-427

EPSS0.01%

Exploit No

Patch ✗ No

Published 2026-05-15

Source Feed nvd

🇸🇦 Saudi Risk Score

7.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-427

🏢 Vendor Advisories

🔗 https://www.amd.com/en/resources/product-security/bu...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2024-36333

Introduce Yourself

Sign In Required