CVE-2024-21962

HIGH

AMD EPYC 4005 Series Processors - Privilege Escalation and Arbitrary Code Execution via AMD RAID Driver

Title source: llm

Description

Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution.

References (1)

Core 1

Core References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4016.html

Scores

CVSS v4 8.6

EPSS 0.0001

EPSS Percentile 2.8%

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1220

Status published

Products (28)

AMD/AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics No fix planned

AMD/AMD EPYC™ 4004 Series Processors AMD RAID Software: 9.3.3.245

AMD/AMD EPYC™ 4005 Series Processors AMD RAID Software: 9.3.3.245

AMD/AMD EPYC™ Embedded 4005 Series Processors Embedded EPYC_4005 Windows RAID Driver - 9.3.3.00245 - (71794)

AMD/AMD Ryzen™ 2000 Mobile Processors No fix planned

AMD/AMD Ryzen™ 3000 Series Desktop Processors No fix planned

AMD/AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics No fix planned

AMD/AMD Ryzen™ 4000 Series Desktop Processors No fix planned

AMD/AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics No fix planned

AMD/AMD Ryzen™ 5000 Series Desktop Processors No fix planned

... and 18 more

Published May 15, 2026

Tracked Since May 15, 2026