CVE-2024-21962

Summary

Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 4005 Series ProcessorsAMD RAID Software: 9.3.3.245unaffected
AMDAMD EPYC™ 4004 Series ProcessorsAMD RAID Software: 9.3.3.245unaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000 WX-Series ProcessorsAMD RAID Software: 9.3.3.245unaffected
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Ryzen™ Threadripper™ 7000 WX-Series ProcessorsAMD RAID Software: 9.3.3.245unaffected
AMDAMD Ryzen™ 9000HX Series ProcessorsAMD RAID Software: 9.3.3.245unaffected
AMDAMD Ryzen™ Threadripper™ PRO 5000 WX-Series ProcessorsAMD RAID Software: 9.3.3.245unaffected
AMDAMD Ryzen™ 3000 Series Desktop ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ 3000 Series Mobile Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Ryzen™ 5000 Series Desktop ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ 7040 Series Mobile Processors with Radeon™ GraphicsAMD RAID Software: 9.3.3.245unaffected
AMDAMD Ryzen™ 8040 Series Mobile Processors with Radeon™ GraphicsAMD RAID Software: 9.3.3.245unaffected
AMDAMD Ryzen™ Z2 Series ProcessorsAMD RAID Software: 9.3.3.245unaffected
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Ryzen™ AI 300 Series ProcessorsAMD RAID Software: 9.3.3.245unaffected
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Ryzen™ 7045 Series Mobile Processors with Radeon™ GraphicsAMD RAID Software: 9.3.3.245unaffected
AMDAMD Ryzen™ AI Max 300 Series ProcessorsAMD RAID Software: 9.3.3.245unaffected
AMDAMD Ryzen™ Threadripper™ 9000 SeriesAMD RAID Software: 9.3.3.245unaffected
AMDAMD Ryzen™ 2000 Mobile ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ 4000 Series Desktop ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsAMD RAID Software: 9.3.3.245unaffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsAMD RAID Software: 9.3.3.245unaffected
AMDAMD Ryzen™ 9000 Series Desktop ProcessorsAMD RAID Software: 9.3.3.245unaffected
AMDAMD EPYC™ Embedded 4005 Series ProcessorsEmbedded EPYC_4005 Windows RAID Driver - 9.3.3.00245 - (71794)unaffected

Weaknesses

  • CWE-1220: CWE-1220 Insufficient Granularity of Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References