CVE-2024-21974

8.8 HIGH

📋 TL;DR

This vulnerability in AMD's NPU driver allows attackers to execute arbitrary code by exploiting improper input validation. It affects systems with vulnerable AMD processors and drivers. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:
  • AMD Ryzen AI processors with NPU
Versions: Specific driver versions not specified in advisory
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access to system; affects systems with AMD Ryzen AI processors

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with kernel-level privileges, allowing data theft, persistence installation, and lateral movement.

🟠 Likely Case: Local privilege escalation from user to kernel mode, enabling system control and data access.

🟢 If Mitigated: Limited impact with proper access controls, but still significant risk due to kernel-level vulnerability.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access; exploitation involves crafting malicious pointer input

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to latest AMD NPU driver

Vendor Advisory: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7017.html

Restart Required: Yes

Instructions:

1. Visit AMD driver download page
2. Download latest NPU driver
3. Install update
4. Restart system

🔧 Temporary Workarounds

  • Restrict local access (all platforms): Limit physical and remote local access to vulnerable systems
  • Disable NPU if unused (all platforms): Disable Neural Processing Unit in BIOS/UEFI if not required

🧯 If You Can't Patch

  • Implement strict access controls and least privilege principles
  • Monitor for suspicious driver activity and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check AMD driver version against advisory; systems with AMD Ryzen AI processors are potentially affected

Check Version:

On Windows: Check Device Manager > System devices > AMD NPU; On Linux: Check driver version in system logs

Verify Fix Applied:

Verify NPU driver version is updated to latest release

📡 Detection & Monitoring

Log Indicators:

  • Unusual NPU driver activity
  • Privilege escalation attempts
  • Suspicious pointer manipulation

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Search for: 'AMD NPU driver' AND ('error' OR 'exception' OR 'privilege escalation')
