CVE-2024-21947
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-06
Last updated on: 2025-09-23
Assigner: Advanced Micro Devices Inc.
Description
Description
Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially resulting in arbitrary code execution at the SMM level.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amd | ryzen_threadripper | 3000 |
| amd | pro | 3000wx |
| amd | ryzen | 4000 |
| amd | ryzen | 5000 |
| amd | ryzen | 6000 |
| amd | ryzen | 3000 |
| amd | ryzen | 7000 |
| amd | ryzen | 8000 |
| amd | pro | 7000 |
| amd | pro | 5000wx |
| amd | ryzen | 2000 |
| amd | client_processor | * |
| amd | embedded_processor | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1220 | The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets. |
