Cyber Resilience

CVE-2024-21924

HighLPE

Published: 11 February 2025

Published
11 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0004 14.0th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-21924 is a high-severity Execution with Unnecessary Privileges (CWE-250) vulnerability in Amd (inferred from references). Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 14.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-7 (Software, Firmware, and Information Integrity).

Deeper analysis

CVE-2024-21924 is an SMM callout vulnerability in the AmdPlatformRasSspSmm driver on affected AMD platforms. Published on 2025-02-11, the flaw allows a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution. It carries a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) and maps to CWE-250.

Exploitation requires local access (AV:L) with low complexity (AC:L) and high privileges (PR:H), such as ring 0 kernel-level access, and no user interaction (UI:N). A successful attack leverages the vulnerability's high scope change (S:C) to achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) through arbitrary code execution.

AMD's security bulletin at https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7028.html provides details on mitigation, including available patches and remediation guidance for affected systems.

EU & UK References

Vulnerability details

SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

SMM callout vuln allows ring-0 attacker to modify boot services handlers for arbitrary code execution, directly enabling local privilege escalation from kernel to SMM context.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-58383Shared CWE-250
CVE-2025-22890Shared CWE-250
CVE-2025-57119Shared CWE-250
CVE-2024-49814Shared CWE-250
CVE-2026-0870Shared CWE-250
CVE-2026-1680Shared CWE-250
CVE-2025-40942Shared CWE-250
CVE-2024-48013Shared CWE-250
CVE-2026-3623Shared CWE-250
CVE-2026-25908Shared CWE-250

Affected Assets

Amd
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the SMM callout vulnerability by requiring identification, prioritization, and timely application of patches for the AmdPlatformRasSspSmm driver as provided in AMD's security bulletin.

preventdetect

Protects the integrity of firmware drivers like AmdPlatformRasSspSmm and boot services handlers against unauthorized modifications by ring 0 attackers through integrity verification and violation response.

prevent

Provides memory protection mechanisms to restrict ring 0 attackers from modifying critical SMM-related memory regions and boot services handlers leading to arbitrary code execution.

References