CVE-2024-21981 Vulnerability Details

  /     /     /  

CVE-2024-21981 Metadata Quick Info

CVE Published: 13/08/2024 | CVE Updated: 15/08/2024 | CVE Year: 2024
Source: AMD | Vendor: AMD | Product: AMD EPYC™ 7001 Series Processors
Status : PUBLISHED

CVE-2024-21981 Description

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.

Metrics

CVSS Version: 3.1 | Base Score: 5.7 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* HIGH
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID:
CWE Name:
Source: AMD

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).