CVE-2024-21945

Published: Nov 12, 2024Modified: Dec 18, 2024

7.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.3 / Impact: 5.9

Source: NVD

Description

Incorrect default permissions in the AMD RyzenTM Master monitoring SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

Affected (1)

Products: Amd: Ryzen Master Monitoring Software Development Kit

Amd

1 product

Ryzen Master Monitoring Software Development Kit

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Amd Ryzen Master Monitoring Software Development Kit	Before 2.13.0.2915

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (1)

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9004.html

Source: psirt@amd.com

Vendor Advisory

Timeline

No history available yet.