CVE-2024-21924
8.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | AMD EPYC™ 7002 Processors | Rome PI 1.0.0.K | unaffected |
| AMD | AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors | ChagallWSPI-sWRX8 1.0.0.9 | unaffected |
| AMD | AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors | CastlePeakWSPI-sWRX8 1.0.0.E | unaffected |
| AMD | AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors | ChagallWSPI-sWRX8 1.0.0.9 | unaffected |
| AMD | AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors | StormPeakPI-SP6 1.1.0.0h | unaffected |
| AMD | AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors | StormPeakPI-SP6 1.0.0.1j | unaffected |
| AMD | AMD EPYC™ Embedded 7002 Processors | EmbRomePI-SP3 1.0.0.D | unaffected |
Weaknesses
- CWE-250: CWE-250 Execution with Unnecessary Privileges
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.