← back
CVE-2024-21981

CVE-2024-21981

CVSS 5.7 MEDIUMEPSS 0.1%CWE-639
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.7EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
13 Aug 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Affected products
AMD · AMD Athlon™ 3000 Series Desktop Processors with Radeon™ GraphicsAMD · AMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsAMD · AMD EPYC™ 7001 Series ProcessorsAMD · AMD EPYC™ 7002 Series ProcessorsAMD · AMD EPYC™ 7003 Series ProcessorsAMD · AMD EPYC™ Embedded 3000 Series ProcessorsAMD · AMD EPYC™ Embedded 7002 Series ProcessorsAMD · AMD EPYC™ Embedded 7003 Series ProcessorsAMD · AMD Ryzen™ 3000 Series Desktop ProcessorsAMD · AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ GraphicsAMD · AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ GraphicsAMD · AMD Ryzen™ 5000 Series Desktop ProcessorsAMD · AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ GraphicsAMD · AMD Ryzen™ Embedded 5000 Series ProcessorsAMD · AMD Ryzen™ Embedded R1000 Series ProcessorsAMD · AMD Ryzen™ Embedded R2000 Series ProcessorsAMD · AMD Ryzen™ Embedded V1000 Series ProcessorsAMD · AMD Ryzen™ Threadripper™ 3000 Series ProcessorsAMD · AMD Ryzen™ Threadripper™ PRO 3000WX Series ProcessorsAMD · AMD Ryzen™ Threadripper™ PRO 5000WX Processors

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html