CVE-2024-21977
BaseFortify
Publication date: 2025-09-05
Last updated on: 2025-09-05
Assigner: Advanced Micro Devices Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amd | ryzen | 4000 |
| amd | epyc_embedded | 7003 |
| amd | ryzen_embedded | 8000 |
| amd | epyc | 7001 |
| amd | pro | 5000wx |
| amd | ryzen | 2000 |
| amd | ryzen_embedded | 7000 |
| amd | epyc_embedded | 7002 |
| amd | epyc | 9004 |
| amd | ryzen | 6000 |
| amd | ryzen | 5000 |
| amd | ryzen | 8000 |
| amd | epyc | 7003 |
| amd | pro | 7000 |
| amd | pro | 3000wx |
| amd | ryzen_embedded | 5000 |
| amd | epyc_embedded | 3000 |
| amd | epyc | 7002 |
| amd | epyc_embedded | 900 |
| amd | ryzen_embedded | r2000 |
| amd | ryzen_threadripper | 3000 |
| amd | epyc | 4004 |
| amd | client_processor | * |
| amd | ryzen_embedded | v3000 |
| amd | athlon | 3000 |
| amd | ryzen_embedded | r1000 |
| amd | ryzen | 7000 |
| amd | ryzen_embedded | v2000 |
| amd | epyc | 8004 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-459 | The product does not properly "clean up" and remove temporary or supporting resources after they have been used. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-21977 is a vulnerability in AMD processors where incomplete cleanup after loading a CPU microcode patch allows a privileged attacker to degrade the entropy of the RDRAND instruction, which is used for random number generation. This degradation can reduce the integrity of SEV-SNP guests, which are virtualized environments relying on Secure Encrypted Virtualization with Secure Nested Paging protections. [1, 2]
How can this vulnerability impact me?
This vulnerability allows a privileged attacker to reduce the quality of the random numbers generated by the RDRAND instruction, which can compromise the integrity of SEV-SNP guests and therefore the security of virtualized environments that depend on SEV-SNP protections. The attack requires local access with high privileges and does not affect confidentiality or availability. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2024-21977, you should update your system's Platform Initialization (PI) firmware to the fixed versions released by AMD. These updates are available through your OEM as BIOS updates. Applying these BIOS/firmware updates will address the incomplete cleanup issue after loading CPU microcode patches and prevent degradation of the RDRAND instruction entropy. Specific firmware versions and release dates vary by processor family, so ensure you obtain the correct update for your AMD processor model. [1, 2]