CVE-2024-21970

MEDIUM

AMD Ryzen Threadripper 3000/5000 and Athlon 3000 Series Processors - Memory Corruption via AGESA Array Index Validation

Title source: llm

Description

Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity.

References (2)

Core 2

Core References

Vendor Advisory

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html

Vendor Advisory

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html

Scores

CVSS v3 4.4

EPSS 0.0013

EPSS Percentile 2.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-129

Status published

Products (26)

AMD/AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics ComboAM4PI_1.0.0.F

AMD/AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Picasso-FP5 1.0.1.2

AMD/AMD Ryzen™ 3000 Series Desktop Processors ComboAM4PI_1.0.0.F

AMD/AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics Picasso-FP5 1.0.1.2

AMD/AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics RenoirPI-FP6_1.0.0.E

AMD/AMD Ryzen™ 5000 Series Desktop Processors ComboAM4PI_1.0.0.F

AMD/AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics CezannePI-FP6_1.0.1.1

AMD/AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics RembrandtPI-FP7_1.0.0.B

AMD/AMD Ryzen™ 7000 Series Desktop Processors ComboAM5 1.2.0.0

AMD/AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics MendocinoPI-FT6_1.0.0.6

... and 16 more

Published Sep 06, 2025

Tracked Since Feb 18, 2026