Cyber Resilience

CVE-2024-0179

High

Published: 11 February 2025

Published
11 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0004 14.3th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-0179 is a high-severity Improper Input Validation (CWE-20) vulnerability in Amd (inferred from references). Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 14.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-0179 is an SMM Callout vulnerability in the AmdCpmDisplayFeatureSMM driver that could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution. This issue affects AMD systems utilizing the specified driver and is classified under CWE-20 (Improper Input Validation). The vulnerability received a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts with a changed scope.

Exploitation requires local access and high privileges (PR:H), making it feasible for authenticated users with elevated permissions on the affected system. Attackers could leverage the vulnerability to overwrite SMRAM, bypassing typical memory protections and achieving arbitrary code execution in the System Management Mode (SMM), which operates at a high privilege level.

AMD has published security bulletin AMD-SB-7027 at https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html, which provides details on the issue and recommended mitigations or patches.

EU & UK References

Vulnerability details

SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1542.001 System Firmware Stealth
Adversaries may modify system firmware to persist on systems.
Why these techniques?

SMM callout + SMRAM overwrite with local high-priv access directly maps to exploitation for privilege escalation (T1068) and system firmware modification/bootkit-style execution (T1542.001).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-33659Shared CWE-20
CVE-2024-28127Shared CWE-20
CVE-2024-24582Shared CWE-20
CVE-2024-21925Shared CWE-20
CVE-2025-21234Shared CWE-20
CVE-2025-48647Shared CWE-20
CVE-2025-25210Shared CWE-20
CVE-2026-21733Shared CWE-20
CVE-2026-7905Shared CWE-20
CVE-2026-7997Shared CWE-20

Affected Assets

Amd
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation through application of patches from AMD-SB-7027 directly eliminates the SMM Callout vulnerability in the AmdCpmDisplayFeatureSMM driver, preventing SMRAM overwrite and arbitrary code execution.

prevent

Mandates proper information input validation in system components like the AmdCpmDisplayFeatureSMM driver, directly countering the CWE-20 improper input validation that enables SMRAM overwrite.

prevent

Enforces memory protection mechanisms to restrict unauthorized access and modification of protected areas like SMRAM by high-privilege local attackers exploiting the driver vulnerability.

References