Cyber Resilience

CVE-2024-21966

High · LPE

Published: 11 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 7.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0022 (12.5th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2024-21966 is a high-severity Improper Privilege Management (CWE-269) vulnerability in AMD (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001). The CVE ranks at the 12.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).

Deeper analysis

CVE-2024-21966 is a DLL hijacking vulnerability affecting the AMD Ryzen™ Master Utility. Published on 2025-02-11, it enables an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. The vulnerability is classified under CWE-269 (Improper Privilege Management) with a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.

A local attacker with low privileges can exploit this vulnerability by leveraging DLL hijacking techniques, such as placing a malicious DLL in a directory searched by the Ryzen Master Utility before its legitimate counterpart. Exploitation requires user interaction, such as the victim launching or interacting with the utility, which could load the attacker's DLL instead. Successful exploitation leads to privilege escalation and arbitrary code execution with elevated permissions.

AMD has addressed this issue in security bulletin AMD-SB-9010, available at https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9010.html, which provides details on mitigation and patching recommendations for affected systems.

Vulnerability details

A DLL hijacking vulnerability in the AMD Ryzen™ Master Utility could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1574.001 DLL (tactic: Stealth)
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

The CVE description directly describes DLL hijacking (side-loading) leading to local privilege escalation and arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-15561 (shared CWE-269)
CVE-2026-30902 (shared CWE-269)
CVE-2026-28919 (shared CWE-269)
CVE-2026-26416 (shared CWE-269)
CVE-2023-7342 (shared CWE-269)
CVE-2025-21360 (shared CWE-269)
CVE-2026-2782 (shared CWE-269)
CVE-2026-23772 (shared CWE-269)
CVE-2026-33906 (shared CWE-269)
CVE-2026-24510 (shared CWE-269)

Affected Assets

AMD (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation through application of the AMD-SB-9010 patch directly eliminates the DLL hijacking vulnerability in the Ryzen Master Utility.

prevent · detect

Software, firmware, and information integrity verification prevents the Ryzen Master Utility from loading unauthorized or malicious DLLs via hijacking.

prevent · detect

Malicious code protection mechanisms scan for and block execution of attacker-placed malicious DLLs exploited in the Ryzen Master DLL hijacking.
