CVE-2024-21977 - Vulnerability Details

Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00014.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

AMD

AMD EPYC™ 7003 Series Processors

affected

Version	Status	Constraints
`MilanPI 1.0.0.D`	unaffected	—

AMD

AMD EPYC™ 9004 Series Processors

affected

Version	Status	Constraints
`GenoaPI 1.0.0.C`	unaffected	—

AMD

AMD EPYC™ 8004 Series Processors

affected

Version	Status	Constraints
`GenoaPI 1.0.0.C`	unaffected	—

AMD

AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors

affected

Version	Status	Constraints
`ChagallWSPI-sWRX8 1.0.0.8`	unaffected	—

AMD

AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics

affected

Version	Status	Constraints
`CezannePI-FP6_1.0.1.1`	unaffected	—

AMD

AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics

affected

Version	Status	Constraints
`RembrandtPI-FP7/FP7r2_1.0.0.B`	unaffected	—

AMD

AMD Ryzen™ 5000 Series Desktop Processors

affected

Version	Status	Constraints
`ComboAM4v2 1.2.0.Cb`	unaffected	—

AMD

AMD Ryzen™ 7000 Series Desktop Processors

affected

Version	Status	Constraints
`ComboAM5 1.2.0.1`	unaffected	—

AMD

AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics

affected

Version	Status	Constraints
`PhoenixPI-FP8-FP7_1.1.0.3`	unaffected	—

AMD

AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics

affected

Version	Status	Constraints
`RembrandtPI-FP7/FP7r2_1.0.0.B`	unaffected	—

AMD

AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics

affected

Version	Status	Constraints
`DragonRangeFL1 1.0.0.3e`	unaffected	—

AMD

AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors

affected

Version	Status	Constraints
`ChagallWSPI-sWRX8 1.0.0.8`	unaffected	—

AMD

AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics

affected

Version	Status	Constraints
`CezannePI-FP6_1.0.1.1`	unaffected	—

AMD

AMD Ryzen™ 8000 Series Desktop Processors

affected

Version	Status	Constraints
`ComboAM5 1.2.0.1`	unaffected	—

AMD

AMD EPYC™ Embedded 7003 Series Processors

affected

Version	Status	Constraints
`EmbMilanPI-SP3 1.0.0.9`	unaffected	—

AMD

AMD EPYC™ Embedded 9004 Series Processors

affected

Version	Status	Constraints
`EmbGenoaPI-SP5 1.0.0.9`	unaffected	—

AMD

AMD Ryzen™ Embedded 8000 Series Processors

affected

Version	Status	Constraints
`EmbeddedPhoenixPI-FP7r2_1.2.0.0`	unaffected	—

AMD

AMD Ryzen™ Embedded 7000 Series Processors

affected

Version	Status	Constraints
`EmbeddedAM5PI 1.0.0.3`	unaffected	—

AMD

AMD Ryzen™ Embedded 5000 Series Processors

affected

Version	Status	Constraints
`EmbAM4PI 1.0.0.7`	unaffected	—

AMD

AMD Ryzen™ Embedded V3000 Series Processors

affected

Version	Status	Constraints
`Embedded-PI_FP7r2 100A`	unaffected	—

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Amd Subscribe	Epyc Subscribe Epyc 7003 Subscribe Epyc 8004 Subscribe Epyc 9004 Subscribe Epyc Embedded 7003 Subscribe Epyc Embedded 9004 Subscribe Ryzen 5000 Series Desktop Processors Subscribe Ryzen 5000 Series Mobile Processors With Radeon Graphics Subscribe Ryzen 6000 Series Processors With Radeon Graphics Subscribe Ryzen 7000 Series Desktop Processors Subscribe Ryzen 7030 Series Mobile Processors With Radeon Graphics Subscribe

Project Subscriptions

Vendors	Products
Amd Subscribe	Epyc Subscribe Epyc 7003 Subscribe Epyc 8004 Subscribe Epyc 9004 Subscribe Epyc Embedded 7003 Subscribe Epyc Embedded 9004 Subscribe Ryzen 5000 Series Desktop Processors Subscribe Ryzen 5000 Series Mobile Processors With Radeon Graphics Subscribe Ryzen 6000 Series Processors With Radeon Graphics Subscribe Ryzen 7000 Series Desktop Processors Subscribe Ryzen 7030 Series Mobile Processors With Radeon Graphics Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2024-19583	Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3014.html
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html

History

Sun, 07 Sep 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Amd Amd epyc Amd epyc 7003 Amd epyc 8004 Amd epyc 9004 Amd epyc Embedded 7003 Amd epyc Embedded 9004 Amd ryzen 5000 Series Desktop Processors Amd ryzen 5000 Series Mobile Processors With Radeon Graphics Amd ryzen 6000 Series Processors With Radeon Graphics Amd ryzen 7000 Series Desktop Processors Amd ryzen 7030 Series Mobile Processors With Radeon Graphics
Vendors & Products		Amd Amd epyc Amd epyc 7003 Amd epyc 8004 Amd epyc 9004 Amd epyc Embedded 7003 Amd epyc Embedded 9004 Amd ryzen 5000 Series Desktop Processors Amd ryzen 5000 Series Mobile Processors With Radeon Graphics Amd ryzen 6000 Series Processors With Radeon Graphics Amd ryzen 7000 Series Desktop Processors Amd ryzen 7030 Series Mobile Processors With Radeon Graphics

Fri, 05 Sep 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 05 Sep 2025 13:15:00 +0000

Type	Values Removed	Values Added
Description		Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests.
Weaknesses		CWE-459
References		https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3014.html https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html
Metrics		cvssV3_1 `{'score': 3.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2025-09-05T12:58:39.312Z

Updated: 2025-09-05T13:35:08.152Z

Reserved: 2024-01-03T16:43:30.196Z

Link: CVE-2024-21977

Vulnrichment

Updated: 2025-09-05T13:34:59.694Z

NVD

Status : Awaiting Analysis

Published: 2025-09-05T13:15:31.310

Modified: 2025-09-05T17:47:10.303

Link: CVE-2024-21977

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-09-07T15:47:34Z

Weaknesses

CWE-459

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object