CVE-2024-21937

Summary

Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Software: PRO Edition0 < 24.10.16affected
AMDAMD Software: PRO Edition0 < 24.Q2 (24.10.20)affected
AMDAMD Software: Adrenalin Edition0 < 24.6.1 (24.10.21.01)affected
AMDAMD Software: Cloud Edition0 < 24.7.1affected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References