Improper Input Validation in AMD Hardware Allows Possible Memory Overwrite
CVE-2024-21947

7.5HIGH

Key Information:

Vendor: Amd
Status: Amd Ryzen™ Threadripper™ 3000 Processors; Amd Ryzen™ Threadripper™ Pro 5000 Wx-series Processors; Amd Ryzen™ 7030 Series Mobile Processors With Radeon™ Graphics; Amd Ryzen™ Threadripper™ Pro 3000 Wx-series Processors
Vendor: CVE Published:; 6 September 2025

What is CVE-2024-21947?

An improper input validation issue in the system management mode (SMM) of AMD processors may allow a privileged attacker to overwrite arbitrary memory. This vulnerability could enable the execution of arbitrary code at the SMM level, potentially compromising the integrity of the system. It is essential for AMD users and administrators to take necessary precautions and apply security updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics ComboAM4 1.0.0.B

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Picasso-FP5 1.0.1.1

AMD Ryzen™ 3000 Series Desktop Processors ComboAM4 1.0.0.B

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2025
Vulnerability Reserved
Jan 3, 2024

Credit

Reported through AMD Bug Bounty Program

Amd

What is CVE-2024-21947?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit