Privilege Escalation Vulnerability in AMD HIP SDK Installation Directory
CVE-2024-21937

7.8HIGH

Key Information:

Vendor: Amd
Status: Radeon Software; Radeon Software For Hip
Vendor: CVE Published:; 12 November 2024

What is CVE-2024-21937?

The AMD HIP SDK has been found to have an issue with incorrect default permissions in its installation directory. This flaw could potentially allow an attacker to escalate their privileges, leading to the possibility of arbitrary code execution within the affected environment. Proper permissions should be enforced to mitigate such risks and ensure the security of systems utilizing the AMD HIP SDK.

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2024

Amd

What is CVE-2024-21937?

References

CVSS V3.1

Timeline