CVE-2024-21970 | THREATINT

Description

Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity.

PUBLISHED Reserved 2024-01-03 | Published 2025-09-06 | Updated 2025-09-08 | Assigner AMD

MEDIUM: 4.4CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Problem types

CWE-129 Improper Validation of Array Index

Product status

Default status

affected

CastlePeakPI-SP3r3 1.0.0.C

unaffected

Default status

affected

ChagallWSPI-sWRX8-1.0.0.9

unaffected

Default status

affected

CastlePeakWSPI-sWRX8 1.0.0.E

unaffected

ChagallWSPI-sWRX8-1.0.0.9

unaffected

Default status

affected

Picasso-FP5 1.0.1.2

unaffected

Default status

affected

ComboAM4v2PI_1.2.0.D

unaffected

Default status

affected

ComboAM4PI_1.0.0.F

unaffected

Default status

affected

ComboAM5 1.2.0.0

unaffected

Default status

affected

RenoirPI-FP6_1.0.0.E

unaffected

Default status

affected

RembrandtPI-FP7_1.0.0.B

unaffected

Default status

affected

MendocinoPI-FT6_1.0.0.6

unaffected

Default status

affected

DragonRangeFL1 1.0.0.3d

unaffected

Default status

affected

RembrandtPI-FP7_1.0.0.B

unaffected

Default status

affected

ComboAM5 1.2.0.0

unaffected

Default status

affected

CezannePI-FP6_1.0.1.1

unaffected

Default status

affected

CezannePI-FP6_1.0.1.1

unaffected

Default status

affected

Picasso-FP5 1.0.1.2

unaffected

Default status

affected

Picasso-FP5 1.0.1.2

unaffected

Default status

affected

ComboAM4PI_1.0.0.F

unaffected

Default status

affected

ComboAM4PI_1.0.0.F

unaffected

Default status

affected

EmbeddedPI-FP5 1.2.0.E

unaffected

Default status

affected

EmbeddedR2KPI-FP5 1005

unaffected

Default status

affected

EmbeddedAM5PI 1.0.0.3

unaffected

Default status

affected

EmbAM4PI 1.0.0.7

unaffected

Default status

affected

EmbeddedPI-FP5 1.2.0.E

unaffected

Default status

affected

EmbeddedPI-FP6_1.0.0.B

unaffected

Default status

affected

Embedded-PI_FP7r2 100A

unaffected

References

www.amd.com/...es/product-security/bulletin/AMD-SB-4012.html

www.amd.com/...es/product-security/bulletin/AMD-SB-5007.html

cve.org (CVE-2024-21970)

nvd.nist.gov (CVE-2024-21970)

Download JSON