CVE-2024-21962

Description

Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution.

CVSS breakdown

CVSS 4.0

Attack Vector

Local

Attack Complexity

Low

Attack Requirements

None

Privileges Required

Low

User Interaction

Active

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

High

Confidentiality (Subsequent System)

High

Integrity (Subsequent System)

High

Availability (Subsequent System)

High

Affected products

AMD / AMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsNo fix planned – No fix planned
AMD / AMD EPYC™ 4004 Series ProcessorsAMD RAID Software: 9.3.3.245 – AMD RAID Software: 9.3.3.245
AMD / AMD EPYC™ 4005 Series ProcessorsAMD RAID Software: 9.3.3.245 – AMD RAID Software: 9.3.3.245
AMD / AMD EPYC™ Embedded 4005 Series ProcessorsEmbedded EPYC_4005 Windows RAID Driver - 9.3.3.00245 - (71794) – Embedded EPYC_4005 Windows RAID Driver - 9.3.3.00245 - (71794)
AMD / AMD Ryzen™ 2000 Mobile ProcessorsNo fix planned – No fix planned
AMD / AMD Ryzen™ 3000 Series Desktop ProcessorsNo fix planned – No fix planned
AMD / AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ GraphicsNo fix planned – No fix planned
AMD / AMD Ryzen™ 4000 Series Desktop ProcessorsNo fix planned – No fix planned
AMD / AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsNo fix planned – No fix planned
AMD / AMD Ryzen™ 5000 Series Desktop ProcessorsNo fix planned – No fix planned
AMD / AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsNo fix planned – No fix planned
AMD / AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsNo fix planned – No fix planned
AMD / AMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsNo fix planned – No fix planned
AMD / AMD Ryzen™ 7000 Series Desktop ProcessorsAMD RAID Software: 9.3.3.245 – AMD RAID Software: 9.3.3.245
AMD / AMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsNo fix planned – No fix planned
AMD / AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ GraphicsAMD RAID Software: 9.3.3.245 – AMD RAID Software: 9.3.3.245
AMD / AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ GraphicsAMD RAID Software: 9.3.3.245 – AMD RAID Software: 9.3.3.245
AMD / AMD Ryzen™ 8000 Series Desktop ProcessorsAMD RAID Software: 9.3.3.245 – AMD RAID Software: 9.3.3.245
AMD / AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ GraphicsAMD RAID Software: 9.3.3.245 – AMD RAID Software: 9.3.3.245
AMD / AMD Ryzen™ 9000HX Series ProcessorsAMD RAID Software: 9.3.3.245 – AMD RAID Software: 9.3.3.245
AMD / AMD Ryzen™ 9000 Series Desktop ProcessorsAMD RAID Software: 9.3.3.245 – AMD RAID Software: 9.3.3.245
AMD / AMD Ryzen™ AI 300 Series ProcessorsAMD RAID Software: 9.3.3.245 – AMD RAID Software: 9.3.3.245
AMD / AMD Ryzen™ AI Max 300 Series ProcessorsAMD RAID Software: 9.3.3.245 – AMD RAID Software: 9.3.3.245
AMD / AMD Ryzen™ Threadripper™ 7000 WX-Series ProcessorsAMD RAID Software: 9.3.3.245 – AMD RAID Software: 9.3.3.245
AMD / AMD Ryzen™ Threadripper™ 9000 seriesAMD RAID Software: 9.3.3.245 – AMD RAID Software: 9.3.3.245
AMD / AMD Ryzen™ Threadripper™ PRO 3000 WX-Series ProcessorsAMD RAID Software: 9.3.3.245 – AMD RAID Software: 9.3.3.245
AMD / AMD Ryzen™ Threadripper™ PRO 5000 WX-Series ProcessorsAMD RAID Software: 9.3.3.245 – AMD RAID Software: 9.3.3.245
AMD / AMD Ryzen™ Z2 Series ProcessorsAMD RAID Software: 9.3.3.245 – AMD RAID Software: 9.3.3.245

References

MISChttps://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4016.html