CVE-2024-21925
Published: Feb 11, 2025
Modified: Jun 27, 2025
CVSS v3.1
8.2
Description
Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.
| Vendor | Product | Versions |
|---|---|---|
AMD | AMD EPYC™ 7001 Processors | unaffected Naples PI 1.0.0.N |
AMD | AMD EPYC™ 7002 Processors | unaffected Rome PI 1.0.0.K |
AMD | AMD EPYC™ 9004 Processors | unaffected Genoa PI 1.0.0.D |
AMD | AMD EPYC™ 7003 Processors | unaffected Milan PI 1.0.0.E |
AMD | AMD Ryzen™ 3000 Series Desktop Processors | unaffected ComboAM4PI 1.0.0.Cunaffected ComboAM4v2PI 1.2.0.D |
AMD | AMD Ryzen™ 5000 Series Desktop Processors | unaffected ComboAM4v2PI 1.2.0.D |
AMD | AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics | unaffected ComboAM4v2PI 1.2.0.D |
AMD | AMD Ryzen™ 7000 Series Desktop Processors | unaffected ComboAM5PI 1.2.0.2bunaffected ComboAM5PI 1.1.0.3bunaffected ComboAM5PI 1.0.0.a |
AMD | AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics | unaffected ComboAM4PI 1.0.0.Cunaffected ComboAM4v2PI 1.2.0.D |
AMD | AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics | unaffected ComboAM4v2PI 1.2.0.D |
AMD | AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics | unaffected ComboAM5PI 1.2.0.2bunaffected ComboAM5PI 1.1.0.3b |
AMD | AMD Ryzen™ Threadripper™ 3000 Series Processors | unaffected CastlePeakPI-SP3r3 1.0.0.D |
AMD | AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors | unaffected CastlePeakWSPI-sWRX8 1.0.0.Funaffected ChagallWSPI-sWRX8 1.0.0.9 |
AMD | AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors | unaffected ChagallWSPI-sWRX8 1.0.0.9 |
AMD | AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors | unaffected StormPeakPI-SP6 1.1.0.0hunaffected StormPeakPI-SP6 1.0.0.1j |
AMD | AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics | unaffected PicassoPI-FP5 1.0.1.2aunaffected PollockPI-FT5 1.0.0.8a |
AMD | AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics | unaffected PicassoPI-FP5 1.0.1.2a |
AMD | AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics | unaffected RenoirPI-FP6 1.0.0.Ea |
AMD | AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics | unaffected CezannePI-FP6 1.0.1.1a |
AMD | AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics | unaffected MendocinoPI-FT6 1.0.0.7a |
AMD | AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics | unaffected RembrandtPI-FP7 1.0.0.Ba |
AMD | AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics | unaffected RembrandtPI-FP7 1.0.0.Ba |
AMD | AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics | unaffected PhoenixPI-FP8-FP7 1.1.8.0 |
AMD | AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics | unaffected PhoenixPI-FP8-FP7 1.1.8.0 |
AMD | AMD Ryzen™ 7000 Series Mobile Processors | unaffected DragonRangeFL1PI 1.0.0.3f |
AMD | AMD EPYC™ Embedded 3000 | unaffected SnowyOwlPI 1.1.0.E |
AMD | AMD EPYC™ Embedded 7002 | unaffected EmbRomePI-SP3 1.0.0.D |
AMD | AMD EPYC™ Embedded 7003 | unaffected EmbMilanPI-SP3 1.0.0.A |
AMD | AMD EPYC™ Embedded 9004 | unaffected EmbGenoaPI 1.0.0.9 |
AMD | AMD Ryzen™ Embedded 5000 | unaffected EmbAM4PI 1.0.0.7 |
AMD | AMD Ryzen™ Embedded 7000 | unaffected EmbeddedV2KAPI-FP6 1.0.0.7 |
AMD | AMD Ryzen™ Embedded V2000 | unaffected EmbeddedPI-FP6 1.0.0.B |
AMD | AMD Ryzen™ Embedded V3000 | unaffected EmbeddedPI_FP7R2 1.0.0.C |
AMD | AMD Ryzen™ Embedded 8000 | unaffected EmbeddedPhoenixPI-FP7r2_1.2.0.0 |
AMD | AMD Ryzen™ Embedded R1000 | unaffected EmbeddedPI-FP5 1.2.0.F |
AMD | AMD Ryzen™ Embedded R2000 | unaffected EmbeddedR2KPIFP5 1.0.0.5 |
AMD | AMD Ryzen™ Embedded V1000 | unaffected EmbeddedPI-FP5 1.2.0.F |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now