CVE-2024-21924

Summary

SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 7002 ProcessorsRome PI 1.0.0.Kunaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000WX Series ProcessorsChagallWSPI-sWRX8 1.0.0.9unaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000WX Series ProcessorsCastlePeakWSPI-sWRX8 1.0.0.Eunaffected
AMDAMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop ProcessorsChagallWSPI-sWRX8 1.0.0.9unaffected
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsStormPeakPI-SP6 1.1.0.0hunaffected
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsStormPeakPI-SP6 1.0.0.1junaffected
AMDAMD EPYC™ Embedded 7002 ProcessorsEmbRomePI-SP3 1.0.0.Dunaffected

Weaknesses

  • CWE-250: CWE-250 Execution with Unnecessary Privileges

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References