Main Vulnerability Database Vulnerabilities #VU97947

#VU97947 Key management errors in AMD products - CVE-2024-21981

Published: October 2, 2024

Vulnerability identifier: #VU97947

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-21981

CWE-ID: CWE-320

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
1st Gen AMD EPYC Processors
2nd Gen AMD EPYC Processors
3rd Gen AMD EPYC Processors

Software vendor:
AMD

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper key usage control in AMD Secure Processor (ASP). A local user with arbitrary code execution privilege in ASP can extract ASP cryptographic keys.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

According to vendor's statement this vulnerability will not be fixed.

External links

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html