CVE-2024-21924

SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7028.html

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de llamada SMM dentro del controlador AmdPlatformRasSspSmm podría permitir que un atacante de anillo 0 modifique los controladores de servicios de arranque, lo que podría resultar en la ejecución de código arbitrario.

11 Feb 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-11 21:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-21924

Mitre link : CVE-2024-21924

CVE.ORG link : CVE-2024-21924

JSON object : View

Products Affected

No product.

CWE

CWE-250

Execution with Unnecessary Privileges

8.2 /10