Input Validation Flaw in AMD Crash Defender Affects Windows Systems
CVE-2024-21971

5.5MEDIUM

Key Information:

Vendor: Amd
Status: Amd Ryzen™ 5000 Series Desktop Processors; Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics; Amd Ryzen™ 7000 Series Desktop Processors; Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics
Vendor: CVE Published:; 12 February 2025

Summary

A vulnerability in AMD Crash Defender allows attackers to manipulate the Windows system process ID within a kernel-mode driver. This improper input validation can lead to system crashes, posing a risk of denial of service. Users of the affected product should apply updates promptly to mitigate these security concerns.

Affected Version(s)

AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)

AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics AMD Software: PRO Edition 24.Q2 (23.19.16.01)

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2025