CVE-2024-21925
HIGHAMD Firmware AmdPspP2CmboxV2 - SMRAM Overwrite Code Execution
Title source: manualDescription
Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.
References (1)
Core 1
Core References
Scores
CVSS v3
8.2
EPSS
0.0007
EPSS Percentile
21.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
Status
published
Products (45)
AMD/AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
ComboAM4PI 1.0.0.C
AMD/AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
ComboAM4v2PI 1.2.0.D
AMD/AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
PicassoPI-FP5 1.0.1.2a
AMD/AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
PollockPI-FT5 1.0.0.8a
AMD/AMD EPYC™ 7001 Processors
Naples PI 1.0.0.N
AMD/AMD EPYC™ 7002 Processors
Rome PI 1.0.0.K
AMD/AMD EPYC™ 7003 Processors
Milan PI 1.0.0.E
AMD/AMD EPYC™ 9004 Processors
Genoa PI 1.0.0.D
AMD/AMD EPYC™ Embedded 3000
SnowyOwlPI 1.1.0.E
AMD/AMD EPYC™ Embedded 7002
EmbRomePI-SP3 1.0.0.D
... and 35 more
Published
Feb 11, 2025
Tracked Since
Feb 18, 2026