CVE-2024-21962 PUBLISHED

Assigner: AMD
Reserved: 03.01.2024 Published: 15.05.2026 Updated: 15.05.2026

Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CVSS Score: 8.6

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	High	Confidentiality	High
Attack Complexity	Low	Integrity	High	Integrity	High
Attack Requirements	None	Availability	High	Availability	High
Privileges Required	Low
User Interaction	Active

CVSS 4.0

Product Status

Vendor	AMD
Product	AMD EPYC™ 4005 Series Processors
Versions	Default: affected Version AMD RAID Software: 9.3.3.245 is unaffected

Vendor	AMD
Product	AMD EPYC™ 4004 Series Processors
Versions	Default: affected Version AMD RAID Software: 9.3.3.245 is unaffected

Vendor	AMD
Product	AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors
Versions	Default: affected Version AMD RAID Software: 9.3.3.245 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
Versions	Default: affected Version No fix planned is unaffected

Vendor	AMD
Product	AMD Ryzen™ Threadripper™ 7000 WX-Series Processors
Versions	Default: affected Version AMD RAID Software: 9.3.3.245 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 9000HX Series Processors
Versions	Default: affected Version AMD RAID Software: 9.3.3.245 is unaffected

Vendor	AMD
Product	AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors
Versions	Default: affected Version AMD RAID Software: 9.3.3.245 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 3000 Series Desktop Processors
Versions	Default: affected Version No fix planned is unaffected

Vendor	AMD
Product	AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics
Versions	Default: affected Version No fix planned is unaffected

Vendor	AMD
Product	AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics
Versions	Default: affected Version No fix planned is unaffected

Vendor	AMD
Product	AMD Ryzen™ 5000 Series Desktop Processors
Versions	Default: affected Version No fix planned is unaffected

Vendor	AMD
Product	AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics
Versions	Default: affected Version AMD RAID Software: 9.3.3.245 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics
Versions	Default: affected Version AMD RAID Software: 9.3.3.245 is unaffected

Vendor	AMD
Product	AMD Ryzen™ Z2 Series Processors
Versions	Default: affected Version AMD RAID Software: 9.3.3.245 is unaffected

Vendor	AMD
Product	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
Versions	Default: affected Version No fix planned is unaffected

Vendor	AMD
Product	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
Versions	Default: affected Version No fix planned is unaffected

Vendor	AMD
Product	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
Versions	Default: affected Version No fix planned is unaffected

Vendor	AMD
Product	AMD Ryzen™ AI 300 Series Processors
Versions	Default: affected Version AMD RAID Software: 9.3.3.245 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
Versions	Default: affected Version No fix planned is unaffected

Vendor	AMD
Product	AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics
Versions	Default: affected Version AMD RAID Software: 9.3.3.245 is unaffected

Vendor	AMD
Product	AMD Ryzen™ AI Max 300 Series Processors
Versions	Default: affected Version AMD RAID Software: 9.3.3.245 is unaffected

Vendor	AMD
Product	AMD Ryzen™ Threadripper™ 9000 Series
Versions	Default: affected Version AMD RAID Software: 9.3.3.245 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 2000 Mobile Processors
Versions	Default: affected Version No fix planned is unaffected

Vendor	AMD
Product	AMD Ryzen™ 4000 Series Desktop Processors
Versions	Default: affected Version No fix planned is unaffected

Vendor	AMD
Product	AMD Ryzen™ 7000 Series Desktop Processors
Versions	Default: affected Version AMD RAID Software: 9.3.3.245 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 8000 Series Desktop Processors
Versions	Default: affected Version AMD RAID Software: 9.3.3.245 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 9000 Series Desktop Processors
Versions	Default: affected Version AMD RAID Software: 9.3.3.245 is unaffected

Vendor	AMD
Product	AMD EPYC™ Embedded 4005 Series Processors
Versions	Default: affected Version Embedded EPYC_4005 Windows RAID Driver - 9.3.3.00245 - (71794) is unaffected

Credits

Reported through AMD Bug Bounty Program

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4016.html

Problem Types

CWE-1220 Insufficient Granularity of Access Control CWE