Security Vulnerabilities Found in AMD Ryzen AI Software

Recent reports have highlighted significant security vulnerabilities in AMD's AI software integrated into its latest Ryzen processors, known as Ryzen AI. These issues are primarily associated with the software and drivers that support the AI capabilities, exposing users to potential security risks.

On April 3, AMD issued a security advisory detailing four critical vulnerabilities within the AI software. The most severe of these flaws resides in the Neural Processing Unit (NPU) driver, where three integer overflow vulnerabilities have been identified. These vulnerabilities could potentially allow attackers to write outside designated memory boundaries, leading to the execution of malicious code. AMD has rated the severity of these vulnerabilities as high, with corresponding CVE identifiers (CVE-2024-36336, CVE-2024-36337) assigned a Common Vulnerability Scoring System (CVSS) score of 7.9, and another (CVE-2024-36328) rated at 7.3.

Additionally, developers creating AI software using the Ryzen AI SDK are at risk due to a vulnerability that could allow attackers to escalate their privileges and execute arbitrary code. This flaw is attributed to improperly set default permissions in the installation path of the Ryzen AI software, identified as CVE-2025-0014, which has a CVSS score of 7.3.

To mitigate these security risks, AMD has released updated software and drivers. Users are strongly encouraged to download the latest versions from AMD's Ryzen AI website to patch these vulnerabilities effectively. The updated NPU driver requires an AMD account and acceptance of a license agreement to access.

Installation of the updated driver can be completed through an administrative command prompt after extracting the archive and navigating to the appropriate path. Users can verify that the update has been successfully installed by checking the version in the device manager, where it should be listed as version 32.0.203.257 or newer.

Furthermore, developers can address the identified vulnerability by utilizing the Ryzen AI Software Development Kit (SDK) version 1.4.0 or later, which is also available for download after registering with an AMD account and completing a form. It is imperative for all affected users to update their software promptly to minimize exposure to these security threats.