Potential Security Risks in AMD Secure Processor Due to Improper Key Usage Control
CVE-2024-21981

5.7MEDIUM

Key Information:

Vendor
Amd
Status
Amd Epyc™ 7001 Series Processors
Amd Epyc™ 7002 Series Processors
Amd Epyc™ 7003 Series Processors
Amd Ryzen™ 3000 Series Desktop Processors
Vendor
CVE Published:
13 August 2024

Summary

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.

Affected Version(s)

AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics various

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics various

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics various

References

https://www.amd.com/en/resources/product-security/bulleti...
vendor-advisory

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.