CVE-2024-21977
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-05

Last updated on: 2025-09-05

Assigner: Advanced Micro Devices Inc.

Description
Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-05
Last Modified
2025-09-05
Generated
2026-06-16
AI Q&A
2025-09-05
EPSS Evaluated
2026-06-15
NVD
CVE-2024-21977
EUVD
EUVD-2024-19583
Affected Vendors & Products
Showing 29 associated CPEs
Vendor Product Version / Range
amd ryzen 4000
amd epyc_embedded 7003
amd ryzen_embedded 8000
amd epyc 7001
amd pro 5000wx
amd ryzen 2000
amd ryzen_embedded 7000
amd epyc_embedded 7002
amd epyc 9004
amd ryzen 6000
amd ryzen 5000
amd ryzen 8000
amd epyc 7003
amd pro 7000
amd pro 3000wx
amd ryzen_embedded 5000
amd epyc_embedded 3000
amd epyc 7002
amd epyc_embedded 900
amd ryzen_embedded r2000
amd ryzen_threadripper 3000
amd epyc 4004
amd client_processor *
amd ryzen_embedded v3000
amd athlon 3000
amd ryzen_embedded r1000
amd ryzen 7000
amd ryzen_embedded v2000
amd epyc 8004
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-459 The product does not properly "clean up" and remove temporary or supporting resources after they have been used.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2024-21977 is a vulnerability in AMD processors where incomplete cleanup after loading a CPU microcode patch allows a privileged attacker to degrade the entropy of the RDRAND instruction, which is used for random number generation. This degradation can reduce the integrity of SEV-SNP guests, which are virtualized environments relying on Secure Encrypted Virtualization with Secure Nested Paging protections. [1, 2]

Impact Analysis

This vulnerability can impact you by allowing a privileged attacker to reduce the quality of random numbers generated by the RDRAND instruction, potentially compromising the integrity of SEV-SNP guests. This affects the security of virtualized environments that depend on SEV-SNP protections, possibly leading to a loss of integrity in those environments. The attack requires local access with high privileges and does not affect confidentiality or availability. [1, 2]

Mitigation Strategies

To mitigate CVE-2024-21977, you should update your system's Platform Initialization (PI) firmware to the fixed versions released by AMD. These updates are available through your OEM as BIOS updates. Applying these BIOS/firmware updates will address the incomplete cleanup issue after loading CPU microcode patches and prevent degradation of the RDRAND instruction entropy. Specific firmware versions and release dates vary by processor family, so ensure you obtain the correct update for your AMD processor model. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-21977. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart