CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-0179

Medium Severity
SVRS
36/100
CVSSv3
NA/10
EPSS
0.0003/1

CVE-2024-0179 is a critical security vulnerability in the AmdCpmDisplayFeatureSMM driver, potentially allowing local attackers to execute arbitrary code. This SMM Callout vulnerability allows an authenticated local attacker to overwrite SMRAM. Given the potential for arbitrary code execution, this flaw could be exploited to gain significant control over the affected system. SOCRadar's Vulnerability Risk Score (SVRS) indicates a score of 36, suggesting a medium level of risk but vigilance is necessary since the "In The Wild" tag is present. While the CVSS score is 0, indicating no immediate threat vector via network, the SVRS highlights that active exploitation could be occurring. Immediate patching is advised where available, and monitoring for suspicious activity related to the driver is crucial to mitigate potential risks associated with CVE-2024-0179.

TAGS
In The Wild
VECTOR STRING
PUBLICATION DATE2025-02-11
LAST MODIFIED2025-02-11

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug - theregister.com
2025-04-08
Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug - theregister.com | News Content: Patch Tuesday Patch Tuesday has arrived, and Microsoft has revealed one flaw in its products under active exploitation and 11 critical issues in its code to fix. Redmond delivered fixes for more than 120 flaws this month; none are rated with a CVSS severity score of nine or higher. The one that deserves most attention is CVE-2025-29824, an elevation of privilege (EoP) hole in the Windows Common Log File System Driver, because it is already being exploited. In a separate note, Microsoft explained
rss
google.com
forum
news
Tough luck, Windows 10 users. No fix yet for ransomware-exploited OS bug - theregister.com
2025-04-08
Tough luck, Windows 10 users. No fix yet for ransomware-exploited OS bug - theregister.com | News Content: Patch Tuesday Patch Tuesday has arrived, and Microsoft has revealed one flaw in its products under active exploitation and 11 critical issues in its code to fix. Redmond delivered fixes for more than 120 flaws this month; none are rated with a CVSS severity score of nine or higher. The one that deserves most attention is CVE-2025-29824, an elevation of privilege (EoP) hole in the Windows Common Log File System Driver, because it is already being exploited. In a separate note, Microsoft
google.com
rss
forum
news
CVE-2024-0179 | AMD Ryzen Embedded 8000 AmdCpmDisplayFeatureSMM input validation
vuldb.com2025-02-12
CVE-2024-0179 | AMD Ryzen Embedded 8000 AmdCpmDisplayFeatureSMM input validation | A vulnerability was found in AMD Ryzen 3000 Desktop Processors, Ryzen 5000 Desktop Processors, Ryzen 5000 Desktop Processor with Radeon Graphics, Ryzen 7000 Desktop Processors, Athlon 3000 Desktop Processors with Radeon Graphics, Ryzen 4000 Desktop Processor with Radeon Graphics, Ryzen 8000 Processor with Radeon Graphics, Ryzen Threadripper 3000 Processors, Ryzen Threadripper PRO 3000WX Processors, Ryzen Threadripper PRO 7000 WX-Series Processors, Athlon 3000 Mobile Processors with Radeon Graphics, Ryzen 3000 Mobile Processor with Radeon Graphics, Ryzen 4000 Mobile Processors with Radeon Graphics, Ryzen
vuldb.com
rss
forum
news

Social Media

AMD Patches High-Severity SMM Vulnerabilities Affecting EPYC and Ryzen Processors Learn about CVE-2024-0179 & CVE-2024-21925, two high-severity vulnerabilities in #AMD processors that could allow arbitrary code execution. https://t.co/mT2dNc7H66
0
0
0
AMD published Security Bulletin AMD-SB-7027 addressing CVE-2024-0179 and CVE-2024-21925, the two UEFI SMM vulnerabilities disclosed in our blog post. Data center, desktop, mobile and embedded processors products are affected: https://t.co/BAIcTnRLZS
0
0
1
CVE-2024-0179 SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary c… https://t.co/4YdK8WluhF
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html

CWE Details

CWE IDCWE NameDescription
CWE-20Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence