Vulnerability in Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics
CVE-2024-21970
Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity.
EPSS: 0.000 (8.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N.
Affected products
- Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics — versions ComboAM4PI_1.0.0.F
- Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics — versions Picasso-FP5 1.0.1.2
- Amd Ryzen™ 3000 Series Desktop Processors — versions ComboAM4PI_1.0.0.F
- Amd Ryzen™ 3000 Series Mobile Processors With Radeon™ Graphics — versions Picasso-FP5 1.0.1.2
- Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics — versions RenoirPI-FP6_1.0.0.E
- Amd Ryzen™ 5000 Series Desktop Processors — versions ComboAM4PI_1.0.0.F
- Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics — versions CezannePI-FP6_1.0.1.1
- Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics — versions RembrandtPI-FP7_1.0.0.B
- Amd Ryzen™ 7000 Series Desktop Processors — versions ComboAM5 1.2.0.0
- Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics — versions MendocinoPI-FT6_1.0.0.6
Weakness classification (CWE)
Public proof-of-concept exploits
References
Frequently asked questions
- What is CVE-2024-21970?
- CVE-2024-21970 is a medium-severity vulnerability in Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics, classified under Improper Validation of Array Index. CVSS score: 4.4/10. Published 2025-09-06.
- How severe is CVE-2024-21970?
- Medium severity. CVSS v3 base score is 4.4 out of 10.
- Is CVE-2024-21970 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.