CVE-2024-21924

Description

SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected products

AMD / AMD EPYC™ 7002 ProcessorsRome PI 1.0.0.K – Rome PI 1.0.0.K
AMD / AMD EPYC™ Embedded 7002 ProcessorsEmbRomePI-SP3 1.0.0.D – EmbRomePI-SP3 1.0.0.D
AMD / AMD Ryzen™ Threadripper™ PRO 3000WX Series ProcessorsChagallWSPI-sWRX8 1.0.0.9 – ChagallWSPI-sWRX8 1.0.0.9
AMD / AMD Ryzen™ Threadripper™ PRO 3000WX Series ProcessorsCastlePeakWSPI-sWRX8 1.0.0.E – CastlePeakWSPI-sWRX8 1.0.0.E
AMD / AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop ProcessorsChagallWSPI-sWRX8 1.0.0.9 – ChagallWSPI-sWRX8 1.0.0.9
AMD / AMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsStormPeakPI-SP6 1.0.0.1j – StormPeakPI-SP6 1.0.0.1j
AMD / AMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsStormPeakPI-SP6 1.1.0.0h – StormPeakPI-SP6 1.1.0.0h

References

MISChttps://www.amd.com/en/resources/product-security/bulletin/amd-sb-7028.html