Cyber Resilience

CVE-2024-21925

High

Published: 11 February 2025

Published
11 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0020 9.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2024-21925 is a high-severity Improper Input Validation (CWE-20) vulnerability in Amd (inferred from references). Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 9.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-21925 is an improper input validation vulnerability (CWE-20) in the AmdPspP2CmboxV2 driver on AMD platforms. Published on 2025-02-11, it enables a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. The issue carries a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to local attack vector, low attack complexity, high privileges required, no user interaction, changed scope, and high impacts across confidentiality, integrity, and availability.

A local attacker possessing high-level privileges can exploit this vulnerability by sending malformed input to the AmdPspP2CmboxV2 driver. This allows overwriting of SMRAM contents, granting the ability to execute arbitrary code at the highest privilege levels, potentially compromising the entire system.

AMD has addressed this issue in Security Bulletin AMD-SB-7027, available at https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html, which provides details on affected products and recommended mitigations or patches.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1542.001 System Firmware Stealth
Adversaries may modify system firmware to persist on systems.
Why these techniques?

Improper input validation in AMD PSP driver directly enables local privileged attacker to overwrite SMRAM for arbitrary SMM code execution, mapping to exploitation for privilege escalation and system firmware/bootkit persistence.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-33659Shared CWE-20
CVE-2024-0179Shared CWE-20
CVE-2024-28127Shared CWE-20
CVE-2024-24582Shared CWE-20
CVE-2026-21733Shared CWE-20
CVE-2026-28821Shared CWE-20
CVE-2026-7905Shared CWE-20
CVE-2026-26170Shared CWE-20
CVE-2025-24255Shared CWE-20
CVE-2026-32168Shared CWE-20

Affected Assets

Amd
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of inputs to the AmdPspP2CmboxV2 driver, preventing malformed inputs that enable SMRAM overwrite.

prevent

Mandates identification, reporting, and correction of flaws like improper input validation in the driver via patching as per AMD-SB-7027.

prevent

Implements safeguards to protect SMRAM and other memory from unauthorized access or overwrite by privileged attackers.

References