Key management errors in AMD products - CVE-2024-21981
Published: October 2, 2024
1st Gen AMD EPYC Processors
2nd Gen AMD EPYC Processors
3rd Gen AMD EPYC Processors
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper key usage control in AMD Secure Processor (ASP). A local user with arbitrary code execution privilege in ASP can extract ASP cryptographic keys.
How to mitigate CVE-2024-21981
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
According to vendor's statement this vulnerability will not be fixed.