3.2

CVE-2024-21977

Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerAMD
Produkt AMD EPYC™ 7003 Series Processors
Default Statusaffected
Version MilanPI 1.0.0.D
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ 9004 Series Processors
Default Statusaffected
Version GenoaPI 1.0.0.C
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ 8004 Series Processors
Default Statusaffected
Version GenoaPI 1.0.0.C
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors
Default Statusaffected
Version ChagallWSPI-sWRX8 1.0.0.8
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version CezannePI-FP6_1.0.1.1
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
Default Statusaffected
Version RembrandtPI-FP7/FP7r2_1.0.0.B
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ 5000 Series Desktop Processors
Default Statusaffected
Version ComboAM4v2 1.2.0.Cb
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ 7000 Series Desktop Processors
Default Statusaffected
Version ComboAM5 1.2.0.1
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version PhoenixPI-FP8-FP7_1.1.0.3
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
Default Statusaffected
Version RembrandtPI-FP7/FP7r2_1.0.0.B
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version DragonRangeFL1 1.0.0.3e
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors
Default Statusaffected
Version ChagallWSPI-sWRX8 1.0.0.8
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version CezannePI-FP6_1.0.1.1
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ 8000 Series Desktop Processors
Default Statusaffected
Version ComboAM5 1.2.0.1
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ Embedded 7003 Series Processors
Default Statusaffected
Version EmbMilanPI-SP3 1.0.0.9
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ Embedded 9004 Series Processors
Default Statusaffected
Version EmbGenoaPI-SP5 1.0.0.9
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ Embedded 8000 Series Processors
Default Statusaffected
Version EmbeddedPhoenixPI-FP7r2_1.2.0.0
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ Embedded 7000 Series Processors
Default Statusaffected
Version EmbeddedAM5PI 1.0.0.3
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ Embedded 5000 Series Processors
Default Statusaffected
Version EmbAM4PI 1.0.0.7
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ Embedded V3000 Series Processors
Default Statusaffected
Version Embedded-PI_FP7r2 100A
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.02
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@amd.com 3.2 1.5 1.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
CWE-459 Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.