What is CVE-2024-21925?

CVE-2024-21925 is a high-severity vulnerability in Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics, classified under Improper Input Validation. CVSS score: 8.2/10. Published 2025-02-11.

How severe is CVE-2024-21925?

High severity. CVSS v3 base score is 8.2 out of 10.

Improper input validation in Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics

CVE-2024-21925

Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (21.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics — versions ComboAM4PI 1.0.0.C, ComboAM4v2PI 1.2.0.D
Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics — versions PicassoPI-FP5 1.0.1.2a, PollockPI-FT5 1.0.0.8a
Amd Epyc™ 7001 Processors — versions Naples PI 1.0.0.N
Amd Epyc™ 7002 Processors — versions Rome PI 1.0.0.K
Amd Epyc™ 7003 Processors — versions Milan PI 1.0.0.E
Amd Epyc™ 9004 Processors — versions Genoa PI 1.0.0.D
Amd Epyc™ Embedded 3000 — versions SnowyOwlPI 1.1.0.E
Amd Epyc™ Embedded 7002 — versions EmbRomePI-SP3 1.0.0.D
Amd Epyc™ Embedded 7003 — versions EmbMilanPI-SP3 1.0.0.A
Amd Epyc™ Embedded 9004 — versions EmbGenoaPI 1.0.0.9

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html

Frequently asked questions

What is CVE-2024-21925?: CVE-2024-21925 is a high-severity vulnerability in Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics, classified under Improper Input Validation. CVSS score: 8.2/10. Published 2025-02-11.
How severe is CVE-2024-21925?: High severity. CVSS v3 base score is 8.2 out of 10.