Improper Input Validation in AMD RAID Driver Allows Potential Code Execution
CVE-2024-21962

8.6 HIGH

What is CVE-2024-21962?

An improper input validation vulnerability in the AMD RAID driver poses significant security risks, allowing attackers to redirect memory access to arbitrary locations. This flaw could potentially lead to escalation of privileges and arbitrary code execution, putting sensitive data and system integrity at risk. It's essential for users of the affected AMD RAID driver to update to the latest version and implement recommended security measures to mitigate these risks.

Affected Version(s)

  • AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics: No fix planned

  • AMD EPYC™ 4004 Series Processors: AMD RAID Software 9.3.3.245

  • AMD EPYC™ 4005 Series Processors: AMD RAID Software 9.3.3.245

CVSS V4

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Reported through AMD Bug Bounty Program.