SMM Callout Vulnerability in AmdPlatformRasSspSmm Driver
CVE-2024-21924

8.2HIGH

Key Information:

Vendor: Amd
Status: Amd Epyc™ 7002 Processors; Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors; Amd Ryzen™ Threadripper™ Pro 5000wx- Series Desktop Processors; Amd Ryzen™ Threadripper™ Pro 7000 Wx-series Processors
Vendor: CVE Published:; 11 February 2025

What is CVE-2024-21924?

A vulnerability exists in the AmdPlatformRasSspSmm driver that enables an attacker with ring 0 access to alter boot services handlers. This flaw could lead to unauthorized execution of arbitrary code, compromising the integrity of the system and allowing for potential system manipulation or further exploitation.

Affected Version(s)

AMD EPYC™ 7002 Processors Rome PI 1.0.0.K

AMD EPYC™ Embedded 7002 Processors EmbRomePI-SP3 1.0.0.D

AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors ChagallWSPI-sWRX8 1.0.0.9

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Jan 3, 2024