CVE-2024-21981

CVE-2024-21981

CVSS 5.7 MEDIUMEPSS 0.1%CWE-639

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.7EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

13 ago 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Produtos afetados

AMD · AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics AMD · AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics AMD · AMD EPYC™ 7001 Series Processors AMD · AMD EPYC™ 7002 Series Processors AMD · AMD EPYC™ 7003 Series Processors AMD · AMD EPYC™ Embedded 3000 Series Processors AMD · AMD EPYC™ Embedded 7002 Series Processors AMD · AMD EPYC™ Embedded 7003 Series Processors AMD · AMD Ryzen™ 3000 Series Desktop Processors AMD · AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics AMD · AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics AMD · AMD Ryzen™ 5000 Series Desktop Processors AMD · AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics AMD · AMD Ryzen™ Embedded 5000 Series Processors AMD · AMD Ryzen™ Embedded R1000 Series Processors AMD · AMD Ryzen™ Embedded R2000 Series Processors AMD · AMD Ryzen™ Embedded V1000 Series Processors AMD · AMD Ryzen™ Threadripper™ 3000 Series Processors AMD · AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors AMD · AMD Ryzen™ Threadripper™ PRO 5000WX Processors

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html