3.2

CVE-2024-21977

Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorAMD
Product AMD EPYC™ 7003 Series Processors
Default Statusaffected
Version MilanPI 1.0.0.D
Status unaffected
VendorAMD
Product AMD EPYC™ 9004 Series Processors
Default Statusaffected
Version GenoaPI 1.0.0.C
Status unaffected
VendorAMD
Product AMD EPYC™ 8004 Series Processors
Default Statusaffected
Version GenoaPI 1.0.0.C
Status unaffected
VendorAMD
Product AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors
Default Statusaffected
Version ChagallWSPI-sWRX8 1.0.0.8
Status unaffected
VendorAMD
Product AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version CezannePI-FP6_1.0.1.1
Status unaffected
VendorAMD
Product AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
Default Statusaffected
Version RembrandtPI-FP7/FP7r2_1.0.0.B
Status unaffected
VendorAMD
Product AMD Ryzen™ 5000 Series Desktop Processors
Default Statusaffected
Version ComboAM4v2 1.2.0.Cb
Status unaffected
VendorAMD
Product AMD Ryzen™ 7000 Series Desktop Processors
Default Statusaffected
Version ComboAM5 1.2.0.1
Status unaffected
VendorAMD
Product AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version PhoenixPI-FP8-FP7_1.1.0.3
Status unaffected
VendorAMD
Product AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
Default Statusaffected
Version RembrandtPI-FP7/FP7r2_1.0.0.B
Status unaffected
VendorAMD
Product AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version DragonRangeFL1 1.0.0.3e
Status unaffected
VendorAMD
Product AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors
Default Statusaffected
Version ChagallWSPI-sWRX8 1.0.0.8
Status unaffected
VendorAMD
Product AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics
Default Statusaffected
Version CezannePI-FP6_1.0.1.1
Status unaffected
VendorAMD
Product AMD Ryzen™ 8000 Series Desktop Processors
Default Statusaffected
Version ComboAM5 1.2.0.1
Status unaffected
VendorAMD
Product AMD EPYC™ Embedded 7003 Series Processors
Default Statusaffected
Version EmbMilanPI-SP3 1.0.0.9
Status unaffected
VendorAMD
Product AMD EPYC™ Embedded 9004 Series Processors
Default Statusaffected
Version EmbGenoaPI-SP5 1.0.0.9
Status unaffected
VendorAMD
Product AMD Ryzen™ Embedded 8000 Series Processors
Default Statusaffected
Version EmbeddedPhoenixPI-FP7r2_1.2.0.0
Status unaffected
VendorAMD
Product AMD Ryzen™ Embedded 7000 Series Processors
Default Statusaffected
Version EmbeddedAM5PI 1.0.0.3
Status unaffected
VendorAMD
Product AMD Ryzen™ Embedded 5000 Series Processors
Default Statusaffected
Version EmbAM4PI 1.0.0.7
Status unaffected
VendorAMD
Product AMD Ryzen™ Embedded V3000 Series Processors
Default Statusaffected
Version Embedded-PI_FP7r2 100A
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.02% 0.02
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
psirt@amd.com 3.2 1.5 1.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
CWE-459 Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.