CVE-2024-0179
Published: 11 February 2025
Summary
CVE-2024-0179 is a high-severity Improper Input Validation (CWE-20) vulnerability in AMD (inferred from references). Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 14.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-0179 is an SMM Callout vulnerability in the AmdCpmDisplayFeatureSMM driver that could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution. This issue affects AMD systems utilizing the specified driver and is classified under CWE-20 (Improper Input Validation). The vulnerability received a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts with a changed scope.
Exploitation requires local access and high privileges (PR:H), so it is feasible only for authenticated users who already hold elevated permissions on the affected system. Attackers could leverage the vulnerability to overwrite SMRAM, bypassing typical memory protections and achieving arbitrary code execution in System Management Mode (SMM), which operates at a high privilege level.
AMD has published security bulletin AMD-SB-7027 at https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html, which provides details on the issue and recommended mitigations or patches.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-15978
Vulnerability details
SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An SMM callout and SMRAM overwrite with local high-privilege access maps directly to exploitation for privilege escalation (T1068) and to system firmware modification/bootkit-style execution (T1542.001).
Mitigating Controls (NIST 800-53 r5)
- Timely flaw remediation through application of patches from AMD-SB-7027 directly eliminates the SMM Callout vulnerability in the AmdCpmDisplayFeatureSMM driver, preventing SMRAM overwrite and arbitrary code execution.
- Mandates proper information input validation in system components like the AmdCpmDisplayFeatureSMM driver, directly countering the CWE-20 improper input validation that enables SMRAM overwrite.
- Enforces memory protection mechanisms to restrict unauthorized access and modification of protected areas like SMRAM by high-privilege local attackers exploiting the driver vulnerability.