CVE-2024-21977

CVE-2024-21977

CVSS 3.2 LOWEPSS 0.1%CWE-459

Vexday Risk Score

8Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 3.2EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

05 set 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N

Produtos afetados

AMD · AMD EPYC™ 7003 Series Processors AMD · AMD EPYC™ 8004 Series Processors AMD · AMD EPYC™ 9004 Series Processors AMD · AMD EPYC™ Embedded 7003 Series Processors AMD · AMD EPYC™ Embedded 9004 Series Processors AMD · AMD Ryzen™ 5000 Series Desktop Processors AMD · AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics AMD · AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics AMD · AMD Ryzen™ 7000 Series Desktop Processors AMD · AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics AMD · AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics AMD · AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics AMD · AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics AMD · AMD Ryzen™ 8000 Series Desktop Processors AMD · AMD Ryzen™ Embedded 5000 Series Processors AMD · AMD Ryzen™ Embedded 7000 Series Processors AMD · AMD Ryzen™ Embedded 8000 Series Processors AMD · AMD Ryzen™ Embedded V3000 Series Processors AMD · AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors AMD · AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3014.html https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html