CVE-2024-21970
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-06
Last updated on: 2025-09-08
Assigner: Advanced Micro Devices Inc.
Description
Description
Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amd | ryzen_threadripper | 3000 |
| amd | pro | 3000wx |
| amd | ryzen | 4000 |
| amd | ryzen | 5000 |
| amd | ryzen | 6000 |
| amd | ryzen | 3000 |
| amd | ryzen | 7000 |
| amd | ryzen | 8000 |
| amd | pro | 5000wx |
| amd | ryzen | 2000 |
| amd | client_processor | * |
| amd | embedded_processor | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-129 | The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability could allow a privileged attacker to corrupt critical firmware memory, potentially compromising the integrity of the system. This could affect system stability or security by altering firmware behavior.
Can you explain this vulnerability to me?
This vulnerability involves improper validation of an array index in the AMD power Management Firmware. A privileged attacker could exploit this flaw to corrupt AGESA memory, which may lead to a loss of integrity in the system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70