CVE-2024-21937
📋 TL;DR
This vulnerability involves incorrect default permissions in the AMD HIP SDK installation directory, allowing local attackers to modify files and potentially escalate privileges to execute arbitrary code. It affects systems with AMD HIP SDK installed, primarily impacting developers and systems using AMD GPU computing frameworks.
💻 Affected Systems
- AMD HIP SDK
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise through privilege escalation leading to arbitrary code execution with elevated privileges.
Likely Case
Local privilege escalation allowing attackers to gain higher permissions on the system.
If Mitigated
Limited impact if proper file permissions and access controls are implemented.
🎯 Exploit Status
Exploitation requires local access to the system. The vulnerability involves file permission manipulation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: HIP SDK 5.7.1 and later
Vendor Advisory: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6015.html
Restart Required: No
Instructions:
1. Download HIP SDK version 5.7.1 or later from AMD website. 2. Uninstall previous HIP SDK version. 3. Install the updated version. 4. Verify installation directory permissions are correct.
🔧 Temporary Workarounds
Manual Permission Fix
linuxManually adjust permissions on HIP SDK installation directory to restrict write access
chmod 755 /opt/rocm-hip-sdk
chown root:root /opt/rocm-hip-sdk
Windows ACL Adjustment
windowsModify Windows ACLs to restrict write permissions on HIP SDK directory
icacls "C:\Program Files\AMD\HIP SDK" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" /grant:r "Administrators:(OI)(CI)F" /grant:r "Users:(OI)(CI)RX"
🧯 If You Can't Patch
- Remove write permissions for non-administrative users from the HIP SDK installation directory
- Monitor file system changes in the HIP SDK directory using audit logs
🔍 How to Verify
Check if Vulnerable:
Check HIP SDK version and verify if installation directory has overly permissive permissions (writable by non-privileged users)Check Version:
hipcc --versionVerify Fix Applied:
Verify HIP SDK version is 5.7.1 or later and check that installation directory permissions only allow privileged users to write📡 Detection & Monitoring
Log Indicators:
- File permission changes in HIP SDK directory
- Unauthorized file modifications in /opt/rocm-hip-sdk or C:\Program Files\AMD\HIP SDK
Network Indicators:
- No network indicators - this is a local privilege escalation
SIEM Query:
EventID=4663 OR EventID=4656 with target path containing 'HIP SDK' OR 'rocm-hip-sdk'