CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-21925

Medium Severity
SVRS
30/100
CVSSv3
NA/10
EPSS
0.00029/1

CVE-2024-21925 is a security vulnerability in the AmdPspP2CmboxV2 driver that can allow an attacker with elevated privileges to overwrite System Management RAM (SMRAM). This improper input validation can lead to arbitrary code execution on the affected system. With an SVRS of 30, while not critical, this vulnerability should still be addressed in a timely manner to prevent potential exploitation. The vulnerability exists due to insufficient validation of input within the driver, which allows a privileged attacker to manipulate memory regions they shouldn't have access to. Successful exploitation of CVE-2024-21925 could enable an attacker to gain complete control over the compromised system. Although the CVSS score is 0, the SVRS indicates there is still a risk associated with this vulnerability. Remediation efforts should focus on patching or updating the AmdPspP2CmboxV2 driver to the latest version provided by AMD.

TAGS
In The Wild
VECTOR STRING
PUBLICATION DATE2025-02-11
LAST MODIFIED2025-02-11

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug - theregister.com
2025-04-08
Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug - theregister.com | News Content: Patch Tuesday Patch Tuesday has arrived, and Microsoft has revealed one flaw in its products under active exploitation and 11 critical issues in its code to fix. Redmond delivered fixes for more than 120 flaws this month; none are rated with a CVSS severity score of nine or higher. The one that deserves most attention is CVE-2025-29824, an elevation of privilege (EoP) hole in the Windows Common Log File System Driver, because it is already being exploited. In a separate note, Microsoft explained
rss
google.com
forum
news
Tough luck, Windows 10 users. No fix yet for ransomware-exploited OS bug - theregister.com
2025-04-08
Tough luck, Windows 10 users. No fix yet for ransomware-exploited OS bug - theregister.com | News Content: Patch Tuesday Patch Tuesday has arrived, and Microsoft has revealed one flaw in its products under active exploitation and 11 critical issues in its code to fix. Redmond delivered fixes for more than 120 flaws this month; none are rated with a CVSS severity score of nine or higher. The one that deserves most attention is CVE-2025-29824, an elevation of privilege (EoP) hole in the Windows Common Log File System Driver, because it is already being exploited. In a separate note, Microsoft
google.com
rss
forum
news
CVE-2024-21925 | AMD Ryzen Embedded 8000 AmdPspP2CmboxV2 Driver input validation
vuldb.com2025-02-12
CVE-2024-21925 | AMD Ryzen Embedded 8000 AmdPspP2CmboxV2 Driver input validation | A vulnerability classified as critical was found in AMD EPYC 7001 Processors, EPYC 7002 Processors, EPYC 9004 Processors, EPYC 7003 Processors, Ryzen 3000 Desktop Processors, Ryzen 5000 Desktop Processors, Ryzen 5000 Desktop Processor with Radeon Graphics, Ryzen 7000 Desktop Processors, Athlon 3000 Desktop Processors with Radeon Graphics, Ryzen 4000 Desktop Processor with Radeon Graphics, Ryzen 8000 Processor with Radeon Graphics, Ryzen Threadripper 3000 Processors, Ryzen Threadripper PRO 3000WX Processors, Ryzen Threadripper PRO
vuldb.com
rss
forum
news

Social Media

AMD Patches High-Severity SMM Vulnerabilities Affecting EPYC and Ryzen Processors Learn about CVE-2024-0179 & CVE-2024-21925, two high-severity vulnerabilities in #AMD processors that could allow arbitrary code execution. https://t.co/mT2dNc7H66
0
0
0
AMD published Security Bulletin AMD-SB-7027 addressing CVE-2024-0179 and CVE-2024-21925, the two UEFI SMM vulnerabilities disclosed in our blog post. Data center, desktop, mobile and embedded processors products are affected: https://t.co/BAIcTnRLZS
0
0
1
CVE-2024-21925 Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution. https://t.co/64QFDsNVv9
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html

CWE Details

CWE IDCWE NameDescription
CWE-20Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence