CVE-2024-21946
📋 TL;DR
This vulnerability allows local attackers to escalate privileges by exploiting incorrect default permissions in the AMD Ryzen Master Utility installation directory. Attackers could modify or replace files to execute arbitrary code with elevated privileges. Only users with AMD Ryzen Master Utility installed are affected.
💻 Affected Systems
- AMD Ryzen Master Utility
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with administrative privileges, allowing installation of persistent malware, data theft, or complete system control.
Likely Case
Local privilege escalation enabling attackers to bypass security controls, install additional malware, or access restricted system resources.
If Mitigated
Limited impact if proper access controls and least privilege principles are enforced, though local attackers could still attempt exploitation.
🎯 Exploit Status
Exploitation requires local access to the system. The vulnerability involves manipulating files in the installation directory to achieve privilege escalation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version with security update (check AMD advisory for specific version)
Vendor Advisory: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9004.html
Restart Required: Yes
Instructions:
1. Visit AMD's security advisory page
2. Download the latest version of AMD Ryzen Master Utility
3. Uninstall the current version
4. Install the updated version
5. Restart the system
🔧 Temporary Workarounds
Restrict installation directory permissions
Windows: Manually adjust permissions on the AMD Ryzen Master installation directory to prevent unauthorized modifications
icacls "C:\Program Files\AMD\RyzenMaster" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" "Users:(OI)(CI)RX" /T
Remove unnecessary software
Windows: Uninstall AMD Ryzen Master Utility if not required for system operation
Control Panel > Programs > Uninstall a program > Select AMD Ryzen Master > Uninstall
🧯 If You Can't Patch
- Uninstall AMD Ryzen Master Utility if not essential for operations
- Implement strict access controls and monitor for unauthorized file modifications in the installation directory
🔍 How to Verify
Check if Vulnerable:
Check if AMD Ryzen Master Utility is installed and review installation directory permissions for excessive access rights
Check Version:
Check the version in Control Panel > Programs or run the Ryzen Master application to see version information
Verify Fix Applied:
Verify the installed version matches or exceeds the patched version from AMD's advisory and confirm proper directory permissions
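The permission review described under "Check if Vulnerable" and "Verify Fix Applied" can be scripted. The PowerShell below is an added example, not AMD's tooling or code from the advisory: it walks the installation directory and lists every owner or Allow ACE that gives a non-administrative principal write-class access. The default path is taken from the icacls workaround above, and the set of trusted principals is an assumption of this example.

```powershell
# Added example (not AMD tooling). Default path is the one in the page's icacls
# workaround; pass -InstallDir if the utility is installed elsewhere.
param([string]$InstallDir = 'C:\Program Files\AMD\RyzenMaster')

# Assumption: only these principals should hold write-class access.
$trustedSids = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
$creatorOwner = 'S-1-3-0'  # placeholder ACE, resolved only when a child object is created
$sidType = [System.Security.Principal.SecurityIdentifier]

# Rights that let a principal replace, plant, or re-permission files.
$names = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int][System.Security.AccessControl.FileSystemRights]$names
$genericMask = 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL (seen on inherit-only ACEs)

function Get-WeakAccess {
    param([string]$Path)
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # An untrusted owner can rewrite the DACL regardless of the ACEs below.
        $owner = $acl.GetOwner($sidType).Value
        if ($trustedSids -notcontains $owner) {
            [pscustomobject]@{ Path = $item.FullName; Identity = $acl.Owner; Rights = 'Owner'; Inherited = $false }
        }
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            try   { $sid = $ace.IdentityReference.Translate($sidType).Value }
            catch { $sid = $ace.IdentityReference.Value }   # unresolvable account: keep as shown
            if ($trustedSids -contains $sid -or $sid -eq $creatorOwner) { continue }
            $raw = [int]$ace.FileSystemRights
            if (($raw -band $writeMask) -or ($raw -band $genericMask)) {
                [pscustomobject]@{ Path = $item.FullName; Identity = $ace.IdentityReference.Value
                                   Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $InstallDir)) {
    Write-Output "Not found: $InstallDir (utility not installed, or installed elsewhere)"
    return
}
$findings = @(Get-WeakAccess -Path $InstallDir)
if ($findings.Count -eq 0) { Write-Output "No write-class access for untrusted principals under $InstallDir" }
else { $findings | Sort-Object Path, Identity | Format-Table -AutoSize -Wrap }
```

Run it from an elevated prompt so every ACL under the directory is readable; any row it prints is a file or folder that a non-administrative principal can modify.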
📡 Detection & Monitoring
Log Indicators:
- Unauthorized file modifications in AMD Ryzen Master installation directory
- Process creation from unexpected locations within the installation path
Network Indicators:
- Not applicable - local privilege escalation vulnerability
SIEM Query:
(EventID=4663 OR EventID=4656) AND ObjectName contains "RyzenMaster" AND (AccessMask includes WRITE_DAC OR WRITE_OWNER)