CVE-2024-0179 — Improper Input Validation in AMD Ryzen Embedded R2000

CWE-20 — Improper Input Validation CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

8.2HIGHNVD

EPSS

0.0%

top 86.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Ryzen Embedded R2000

Timeline

PublishedFeb 11

Description

SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages1 packages

▶CVEListV5amd/amd_ryzen_embedded_r2000EmbeddedR2KPIFP5 1.0.0.5

🔴Vulnerability Details

CVEList

CVE-2024-0179: SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially result↗2025-02-11

▶

GHSA

GHSA-pjg6-r723-9cv2: SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially result↗2025-02-11

▶

📋Vendor Advisories

Red Hat

kernel: hw:amd: SMM callout vulnerability within the AmdCpmDisplayFeatureSMM↗2025-02-11

▶