{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21925", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2024-01-03T16:43:09.232Z", "datePublished": "2025-02-11T20:39:03.746Z", "dateUpdated": "2025-02-12T15:35:34.994Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "AMD EPYC\u2122 7001 Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "Naples PI 1.0.0.N"}]}, {"defaultStatus": "unknown", "product": "AMD EPYC\u2122 7002 Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "Rome PI 1.0.0.K"}]}, {"defaultStatus": "unknown", "product": "AMD EPYC\u2122 9004 Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "Genoa PI 1.0.0.D"}]}, {"defaultStatus": "unknown", "product": "AMD EPYC\u2122 7003 Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "Milan PI 1.0.0.E"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4PI 1.0.0.C"}, {"status": "unaffected", "version": "ComboAM4v2PI 1.2.0.D"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4v2PI 1.2.0.D"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4v2PI 1.2.0.D"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM5PI 1.2.0.2b"}, {"status": "unaffected", "version": "ComboAM5PI 1.1.0.3b"}, {"status": "unaffected", "version": "ComboAM5PI 1.0.0.a"}]}, {"defaultStatus": "unknown", "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4PI 1.0.0.C"}, {"status": "unaffected", "version": "ComboAM4v2PI 1.2.0.D"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4v2PI 1.2.0.D"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM5PI 1.2.0.2b"}, {"status": "unaffected", "version": "ComboAM5PI 1.1.0.3b"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "CastlePeakPI-SP3r3 1.0.0.D"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "CastlePeakWSPI-sWRX8 1.0.0.F"}, {"status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.9"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.9"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "StormPeakPI-SP6 1.1.0.0h"}, {"status": "unaffected", "version": "StormPeakPI-SP6 1.0.0.1j"}]}, {"defaultStatus": "unknown", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "PicassoPI-FP5 1.0.1.2a"}, {"status": "unaffected", "version": "PollockPI-FT5 1.0.0.8a"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "PicassoPI-FP5 1.0.1.2a"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "RenoirPI-FP6 1.0.0.Ea"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "CezannePI-FP6 1.0.1.1a"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "MendocinoPI-FT6 1.0.0.7a"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.Ba"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.Ba"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "PhoenixPI-FP8-FP7 1.1.8.0"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "PhoenixPI-FP8-FP7 1.1.8.0"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 7000 Series Mobile Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "DragonRangeFL1PI 1.0.0.3f"}]}, {"defaultStatus": "unknown", "product": "AMD EPYC\u2122 Embedded 3000", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "SnowyOwlPI 1.1.0.E"}]}, {"defaultStatus": "unknown", "product": "AMD EPYC\u2122 Embedded 7002", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbRomePI-SP3 1.0.0.D"}]}, {"defaultStatus": "unknown", "product": "AMD EPYC\u2122 Embedded 7003", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbMilanPI-SP3 1.0.0.A"}]}, {"defaultStatus": "unknown", "product": "AMD EPYC\u2122 Embedded 9004", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbGenoaPI 1.0.0.9"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 Embedded 5000", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbAM4PI 1.0.0.7"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 Embedded 7000", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbeddedV2KAPI-FP6 1.0.0.7"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 Embedded V2000", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbeddedPI-FP6 1.0.0.B"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 Embedded V3000", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbeddedPI_FP7R2 1.0.0.C"}]}, {"defaultStatus": "unknown", "product": "AMD Ryzen\u2122 Embedded 8000", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbeddedPhoenixPI-FP7r2_1.2.0.0"}]}], "datePublic": "2025-02-11T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution."}], "value": "Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2025-02-11T20:39:03.746Z"}, "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-11T21:01:07.683566Z", "id": "CVE-2024-21925", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T15:35:34.994Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution."}], "id": "CVE-2024-21925", "lastModified": "2025-02-11T21:15:12.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "psirt@amd.com", "type": "Secondary"}]}, "published": "2025-02-11T21:15:12.577", "references": [{"source": "psirt@amd.com", "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "psirt@amd.com", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: hw:amd: AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM", "id": "2342341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342341"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.", "A flaw was found in AmdPspP2CmboxV2 in the UEFI module. Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution."], "mitigation": {"lang": "en:us", "value": "Available mitigation requires updating the BIOS (updating firmware of CPU). The bug affects hardware (processors of the AMD EPYC\u2122 family)."}, "name": "CVE-2024-21925", "public_date": "2025-02-11T10:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-21925\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21925\nhttps://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html"], "statement": "This issue occurs due to the lack of sufficient input buffer(s) validation within the AmdPspP2CmboxV2 UEFI module.\nRed Hat has very limited to no visibility and control over binary blobs provided by third-party vendors. Red Hat relies heavily on the vendors to provide timely updates and information about included changes for this content and in most cases merely acts as a release vehicle between the third-party vendor and Red Hat customers with no possibility of influencing or even documenting the changes.\nUnless explicitly stated, the level of insight, oversight, and control Red Hat has does not meet the criteria required (in terms of Red Hat ownership of development processes, QA, and documentation) for releasing this content as RHSA. For more information, please contact the binary content vendor.", "threat_severity": "Important"}