CVE-2024-21981 — Authorization Bypass Through User-Controlled Key in AMD Athlon 3000 Series Desktop Processors With Radeon Graphics

CWE-639 — Authorization Bypass Through User-Controlled Key3 documents3 sources

Severity

5.7MEDIUMNVD

EPSS

0.1%

top 84.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Athlon 3000 Series Desktop Processors With Radeon Graphics AMD Athlon 3000 Series Mobile Processors With Radeon Graphics AMD Epyc 7001 Series Processors +17 more

Timeline

PublishedAug 13

Description

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 0.5 | Impact: 5.2

Affected Packages20 packages

▶CVEListV5amd/amd_epyc_7001_series_processorsvarious

▶CVEListV5amd/amd_epyc_7002_series_processorsvarious

▶CVEListV5amd/amd_epyc_7003_series_processorsvarious

▶CVEListV5amd/amd_epyc_embedded_3000_series_processorsvarious

▶CVEListV5amd/amd_epyc_embedded_7002_series_processorsvarious

🔴Vulnerability Details

CVEList

CVE-2024-21981: Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in↗2024-08-13

▶

GHSA

GHSA-8x5q-gq29-2h75: Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in↗2024-08-13

▶