CVE-2024-21966
Published: 11 February 2025
Summary
CVE-2024-21966 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Amd (inferred from references). Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001); ranked at the 12.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).
Deeper analysis
CVE-2024-21966 is a DLL hijacking vulnerability affecting the AMD Ryzen™ Master Utility. Published on 2025-02-11, it enables an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. The vulnerability is classified under CWE-269 (Improper Privilege Management) with a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.
A local attacker with low privileges can exploit this vulnerability by leveraging DLL hijacking techniques, such as placing a malicious DLL in a directory searched by the Ryzen Master Utility before its legitimate counterpart. Exploitation requires user interaction, such as the victim launching or interacting with the utility, which could load the attacker's DLL instead. Successful exploitation leads to privilege escalation and arbitrary code execution with elevated permissions.
AMD has addressed this issue in security bulletin AMD-SB-9010, available at https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9010.html, which provides details on mitigation and patching recommendations for affected systems.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-19572
Vulnerability details
A DLL hijacking vulnerability in the AMD Ryzen™ Master Utility could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE directly describes DLL hijacking (side-loading) leading to local privilege escalation and arbitrary code execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely flaw remediation through application of the AMD-SB-9010 patch directly eliminates the DLL hijacking vulnerability in the Ryzen Master Utility.
Software, firmware, and information integrity verification prevents the Ryzen Master Utility from loading unauthorized or malicious DLLs via hijacking.
Malicious code protection mechanisms scan for and block execution of attacker-placed malicious DLLs exploited in the Ryzen Master DLL hijacking.