CVE-2024-21981

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html

Configurations

No configuration.

History

No history.

Information

Published : 2024-08-13 17:15

Updated : 2024-08-15 18:35

NVD link : CVE-2024-21981

Mitre link : CVE-2024-21981

CVE.ORG link : CVE-2024-21981

JSON object : View

Products Affected

No product.

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

5.7 /10