CVE-2024-21962
8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Summary
Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | AMD EPYC™ 4005 Series Processors | AMD RAID Software: 9.3.3.245 | unaffected |
| AMD | AMD EPYC™ 4004 Series Processors | AMD RAID Software: 9.3.3.245 | unaffected |
| AMD | AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors | AMD RAID Software: 9.3.3.245 | unaffected |
| AMD | AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics | No fix planned | unaffected |
| AMD | AMD Ryzen™ Threadripper™ 7000 WX-Series Processors | AMD RAID Software: 9.3.3.245 | unaffected |
| AMD | AMD Ryzen™ 9000HX Series Processors | AMD RAID Software: 9.3.3.245 | unaffected |
| AMD | AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors | AMD RAID Software: 9.3.3.245 | unaffected |
| AMD | AMD Ryzen™ 3000 Series Desktop Processors | No fix planned | unaffected |
| AMD | AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics | No fix planned | unaffected |
| AMD | AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics | No fix planned | unaffected |
| AMD | AMD Ryzen™ 5000 Series Desktop Processors | No fix planned | unaffected |
| AMD | AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics | AMD RAID Software: 9.3.3.245 | unaffected |
| AMD | AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics | AMD RAID Software: 9.3.3.245 | unaffected |
| AMD | AMD Ryzen™ Z2 Series Processors | AMD RAID Software: 9.3.3.245 | unaffected |
| AMD | AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics | No fix planned | unaffected |
| AMD | AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics | No fix planned | unaffected |
| AMD | AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics | No fix planned | unaffected |
| AMD | AMD Ryzen™ AI 300 Series Processors | AMD RAID Software: 9.3.3.245 | unaffected |
| AMD | AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics | No fix planned | unaffected |
| AMD | AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics | AMD RAID Software: 9.3.3.245 | unaffected |
| AMD | AMD Ryzen™ AI Max 300 Series Processors | AMD RAID Software: 9.3.3.245 | unaffected |
| AMD | AMD Ryzen™ Threadripper™ 9000 Series | AMD RAID Software: 9.3.3.245 | unaffected |
| AMD | AMD Ryzen™ 2000 Mobile Processors | No fix planned | unaffected |
| AMD | AMD Ryzen™ 4000 Series Desktop Processors | No fix planned | unaffected |
| AMD | AMD Ryzen™ 7000 Series Desktop Processors | AMD RAID Software: 9.3.3.245 | unaffected |
| AMD | AMD Ryzen™ 8000 Series Desktop Processors | AMD RAID Software: 9.3.3.245 | unaffected |
| AMD | AMD Ryzen™ 9000 Series Desktop Processors | AMD RAID Software: 9.3.3.245 | unaffected |
| AMD | AMD EPYC™ Embedded 4005 Series Processors | Embedded EPYC_4005 Windows RAID Driver - 9.3.3.00245 - (71794) | unaffected |
Weaknesses
- CWE-1220: CWE-1220 Insufficient Granularity of Access Control
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.