CVE-2024-21981

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html

Configurations

No configuration.

History

15 Aug 2024, 18:35

Type	Values Removed	Values Added
CWE		CWE-639
Summary		(es) Un control inadecuado del uso de claves en el procesador seguro AMD (ASP) puede permitir que un atacante con acceso local que haya obtenido privilegios de ejecución de código arbitrario en ASP extraiga claves criptográficas ASP, lo que podría provocar una pérdida de confidencialidad e integridad.

13 Aug 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-13 17:15

Updated : 2024-08-15 18:35

NVD link : CVE-2024-21981

Mitre link : CVE-2024-21981

CVE.ORG link : CVE-2024-21981

JSON object : View

Products Affected

No product.

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

5.7 /10