Security Vulnerability Report
中文
CVE-2024-21923 CVSS 7.3 HIGH

CVE-2024-21923

Published: 2025-11-23 17:15:47
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

Incorrect default permissions in AMD StoreMI™ could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

CVSS Details

CVSS Score
7.3
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

AMD StoreMI < 2.0.0.0209
AMD StoreMI所有版本(官方修复前)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2024-21923 PoC - AMD StoreMI权限提升 # 免责声明:仅供安全研究和教育目的使用 import os import sys import win32api import win32security import win32con import ntsecuritycon as con def check_storeMI_permissions(): """检查StoreMI目录的权限配置""" storeMI_paths = [ r"C:\Program Files\AMD\AMD StoreMI", r"C:\Program Files (x86)\AMD\AMD StoreMI", r"C:\Windows\System32\drivers\amdstoreMi.sys" ] for path in storeMI_paths: if os.path.exists(path): print(f"[+] Found StoreMI path: {path}") try: sd = win32security.GetFileSecurity( path, win32security.DACL_SECURITY_INFORMATION ) dacl = sd.GetSecurityDescriptorDacl() print(f"[*] Checking permissions for: {path}") for i in range(dacl.GetAceCount()): ace = dacl.GetAce(i) trustee = ace[1].GetNamedFields()[1][1] access_mask = ace[1].access_mask # 检查是否有过度写入权限 if access_mask & con.GENERIC_WRITE: print(f"[!] WARNING: User has WRITE access - Potential vulnerability") if access_mask & con.GENERIC_ALL: print(f"[!] CRITICAL: User has FULL access - Vulnerability confirmed") except Exception as e: print(f"[-] Error checking {path}: {e}") def exploit_storeMI(): """ 权限提升利用演示 实际攻击需要替换目标文件或DLL """ target_file = r"C:\Program Files\AMD\AMD StoreMI\amdstoreMI.exe" malicious_payload = "malicious_code_here" if os.path.exists(target_file): print(f"[+] Target file exists: {target_file}") print(f"[*] In real attack, replace with malicious executable...") print(f"[*] Wait for service restart or admin interaction to trigger") print(f"[*] Gain SYSTEM level code execution") else: print(f"[-] Target file not found or StoreMI not installed") if __name__ == "__main__": print("=== CVE-2024-21923 AMD StoreMI Vulnerability Check ===") check_storeMI_permissions()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2024-21923", "sourceIdentifier": "[email protected]", "published": "2025-11-23T17:15:47.010", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect default permissions in AMD StoreMI™ could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.3, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-426"}]}], "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4010.html", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.