How severe is CVE-2024-21981?

Medium severity. CVSS v3 base score is 5.7 out of 10.

Is CVE-2024-21981 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics

CVE-2024-21981

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality a…

EPSS: 0.001 (16.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.7 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N.

Affected products

Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics — versions various
Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics — versions various
Amd Epyc™ 7001 Series Processors — versions various
Amd Epyc™ 7002 Series Processors — versions various
Amd Epyc™ 7003 Series Processors — versions various
Amd Epyc™ Embedded 3000 Series Processors — versions various
Amd Epyc™ Embedded 7002 Series Processors — versions various
Amd Epyc™ Embedded 7003 Series Processors — versions various
Amd Ryzen™ 3000 Series Desktop Processors — versions various
Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics — versions various

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html (vendor-advisory)

Frequently asked questions

What is CVE-2024-21981?: CVE-2024-21981 is a medium-severity vulnerability in Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics. CVSS score: 5.7/10. Published 2024-08-13.
How severe is CVE-2024-21981?: Medium severity. CVSS v3 base score is 5.7 out of 10.
Is CVE-2024-21981 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.