CVE-2024-21981

Summary

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 7001 Series Processorsvariousaffected
AMDAMD EPYC™ 7002 Series Processorsvariousaffected
AMDAMD EPYC™ 7003 Series Processorsvariousaffected
AMDAMD Ryzen™ 3000 Series Desktop Processorsvariousaffected
AMDAMD Ryzen™ 5000 Series Desktop Processorsvariousaffected
AMDAMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphicsvariousaffected
AMDAMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphicsvariousaffected
AMDAMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphicsvariousaffected
AMDAMD Ryzen™ Threadripper™ 3000 Series Processorsvariousaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000WX Series Processorsvariousaffected
AMDAMD Ryzen™ Threadripper™ PRO 5000WX Processorsvariousaffected
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphicsvariousaffected
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphicsvariousaffected
AMDAMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphicsvariousaffected
AMDAMD EPYC™ Embedded 3000 Series Processorsvariousaffected
AMDAMD EPYC™ Embedded 7002 Series Processorsvariousaffected
AMDAMD EPYC™ Embedded 7003 Series Processorsvariousaffected
AMDAMD Ryzen™ Embedded R1000 Series Processorsvariousaffected
AMDAMD Ryzen™ Embedded R2000 Series Processorsvariousaffected
AMDAMD Ryzen™ Embedded 5000 Series Processorsvariousaffected
AMDAMD Ryzen™ Embedded V1000 Series Processorsvariousaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References