CVE-2024-21924
Published: 11 February 2025
Summary
CVE-2024-21924 is a high-severity Execution with Unnecessary Privileges (CWE-250) vulnerability affecting AMD (vendor inferred from references). Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 14.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-7 (Software, Firmware, and Information Integrity).
Deeper analysis
CVE-2024-21924 is an SMM callout vulnerability in the AmdPlatformRasSspSmm driver on affected AMD platforms. Published on 2025-02-11, the flaw allows a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution. It carries a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) and maps to CWE-250.
Exploitation requires local access (AV:L), low attack complexity (AC:L), and high privileges (PR:H), such as ring 0 kernel-level access, with no user interaction (UI:N). Because the scope is changed (S:C), a successful attack reaches beyond the vulnerable component, with high impact on confidentiality, integrity, and availability (C:H/I:H/A:H) through arbitrary code execution.
AMD's security bulletin at https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7028.html provides details on mitigation, including available patches and remediation guidance for affected systems.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-19530
Vulnerability details
SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The SMM callout vulnerability allows a ring 0 attacker to modify boot services handlers and execute arbitrary code, directly enabling local privilege escalation from kernel to SMM context.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the SMM callout vulnerability by requiring identification, prioritization, and timely application of patches for the AmdPlatformRasSspSmm driver as provided in AMD's security bulletin.
Protects the integrity of firmware drivers like AmdPlatformRasSspSmm and boot services handlers against unauthorized modifications by ring 0 attackers through integrity verification and violation response.
Provides memory protection mechanisms to restrict ring 0 attackers from modifying critical SMM-related memory regions and boot services handlers leading to arbitrary code execution.