CVE-2024-21977

LOW EPSS 3.7%
Published Sep 5, 20259mo ago · Modified Jun 17, 20262w ago
3.2 CVSS 3.1
Low
Find Similar
Published Sep 5, 2025 9mo ago
Last Modified Jun 17, 2026 2w ago

Description

Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests.

CVSS Details

Base Score
3.2
Exploitability
1.5
Impact
1.4
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Changed
Confidentiality None
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
3.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-459

References 3

  • amd.com https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3014.html
  • amd.com https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html
  • amd.com https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.