AMD Ryzen AI Software Update Addresses Multi Security Vulnerabilities

AMD has released an update to its Ryzen AI software to address several high-severity security vulnerabilities. The Ryzen AI software is designed to optimize and deploy AI inference on PCs powered by AMD Ryzen AI processors, enabling applications to run on the Neural Processing Unit (NPU) built into the AMD XDNA architecture. The vulnerabilities, if exploited, could allow local attackers to escalate privileges, write out of bounds, and potentially execute arbitrary code.

The security bulletin details multiple Common Vulnerabilities and Exposures (CVEs):

CVE-2025-0014: This vulnerability, with a CVSS score of 7.3 (High), is due to incorrect default permissions on the AMD Ryzen AI installation folder. An attacker could exploit this to achieve privilege escalation, potentially leading to arbitrary code execution.
CVE-2024-36337, CVE-2024-36328, and CVE-2024-36336: These vulnerabilities, with CVSS scores of 7.9 (High), 7.3 (High), and 7.9 (High) respectively, are attributed to integer overflows within the AMD NPU Driver. A local attacker could exploit these flaws to write out of bounds, potentially leading to a loss of confidentiality, integrity, or availability.

AMD strongly recommends that users update their AMD Ryzen AI Software to version 1.3 or higher to mitigate these vulnerabilities.

These vulnerabilities pose a significant risk to systems using AMD Ryzen AI software. Privilege escalation and arbitrary code execution can allow attackers to gain unauthorized access to sensitive data, install malware, or take control of the affected system. Out-of-bounds write vulnerabilities can lead to system instability, data corruption, or denial-of-service.

Users of AMD Ryzen AI-powered PCs should prioritize updating their software to the latest version. This proactive step is crucial in protecting systems from potential exploitation and ensuring the security and stability of AI workloads.