Description
Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution.
Published: 2026-05-15
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper input validation flaw in the AMD RAID driver. The driver can be coerced to reference an arbitrary memory location, allowing an attacker to execute privileged instructions and run arbitrary code. This flaw could lead to a full privilege escalation on the affected system, resulting in the compromise of confidentiality, integrity, and availability.

Affected Systems

The flaw affects a broad array of AMD processors including Athlon 3000 Series Mobile with Radeon Graphics, EPYC 4004, 4005 and Embedded 4005 Series, Ryzen 2000, 3000, 4000, 5000, 6000, 7000, 7020, 7040, 7045, 8000, 8040, 9000, 9000HX, AI 300, AI Max 300, Threadripper 7000 WX, 9000, PRO 3000 WX, PRO 5000 WX, and Z2 Series. Specific product versions that implement the driver are not disclosed in the advisory.

Risk and Exploitability

The CVSS score of 8.6 indicates a high severity vulnerability. The EPSS score is not available and the flaw is not listed in the CISA KEV catalog, suggesting it has not been widely exploited yet. The likely attack vector is local or requires privileged execution because the flaw exists in a kernel‑mode driver. An attacker who can load or interact with the RAID driver may manipulate its input vectors to trigger a privilege escalation, leading to arbitrary code execution. Consequently, the exploitation risk is high for systems that expose the RAID driver to potentially compromised processes or users.

Generated by OpenCVE AI on May 15, 2026 at 04:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest AMD firmware and RAID driver update distributed through the AMD support portal or the product‑security bulletin.
  • If an update is not yet available, disable or unconfigure the RAID functionality on systems that do not require it and restrict access to the driver to only trusted privileged binaries.
  • On affected hosts, monitor for anomalous reads/writes or unexpected privilege escalation events, and consider hardening kernel security by enabling SELinux/AppArmor profiles and reviewing kernel module loading policies.

Generated by OpenCVE AI on May 15, 2026 at 04:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 15 May 2026 04:45:00 +0000

Type Values Removed Values Added
Title AMD RAID Driver Improper Input Validation Enables Privilege Escalation and Arbitrary Code Execution

Fri, 15 May 2026 03:00:00 +0000

Type Values Removed Values Added
Description Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution.
Weaknesses CWE-1220
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-16T03:56:05.116Z

Reserved: 2024-01-03T16:43:28.698Z

Link: CVE-2024-21962

cve-icon Vulnrichment

Updated: 2026-05-15T13:28:23.679Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-15T03:16:20.803

Modified: 2026-05-15T14:10:17.083

Link: CVE-2024-21962

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T04:30:36Z

Weaknesses