CVE-2024-21922: CWE-426 Untrusted Search Path in AMD AMD StoreMI™
A DLL hijacking vulnerability in AMD StoreMI™ could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
AI Analysis
Technical Summary
CVE-2024-21922 is a DLL hijacking vulnerability classified under CWE-426 (Untrusted Search Path) affecting AMD StoreMI™, a storage acceleration product by AMD. It allows an attacker with local access and limited privileges to escalate those privileges by exploiting the way StoreMI™ loads DLLs. Specifically, the software does not specify a full, trusted path when loading DLLs, so an attacker can place a malicious DLL in a location that is searched before the legitimate one, causing the malicious code to be loaded and executed with elevated privileges. The CVSS 3.1 base score is 7.3 (high): attack vector local (AV:L), low attack complexity (AC:L), low privileges required (PR:L) and user interaction required (UI:R), with high impact on confidentiality, integrity and availability, since arbitrary code execution with elevated privileges can lead to full system compromise. The product is end-of-life with no planned fixes, which increases exposure for users who continue to deploy it. No exploits have been reported in the wild, but the nature and severity of the flaw make it a significant risk. The vulnerability was reserved in early 2024 and published in late 2025, reflecting a relatively recent discovery. With no patch available, mitigation must rely on other controls.
Potential Impact
For European organizations, the impact of CVE-2024-21922 can be substantial. Organizations using AMD StoreMI™ in their desktops, workstations, or servers may face privilege escalation attacks that can lead to full system compromise. This can result in unauthorized access to sensitive data, disruption of critical services, and potential lateral movement within networks. Sectors such as finance, healthcare, government, and critical infrastructure are particularly at risk due to the sensitive nature of their data and operations. The inability to patch the vulnerability due to the product's end-of-life status exacerbates the risk, forcing organizations to rely on compensating controls. Additionally, the requirement for local access and user interaction limits remote exploitation but does not eliminate risk from insider threats or social engineering attacks. The high confidentiality, integrity, and availability impact means that successful exploitation could lead to data breaches, operational downtime, and reputational damage.
Mitigation Recommendations
Given the absence of patches, European organizations should implement specific mitigations:
1) Identify and inventory all systems running AMD StoreMI™ and assess their criticality.
2) Where possible, uninstall or disable AMD StoreMI™ to eliminate the attack surface.
3) Restrict DLL search paths by configuring system policies so that DLLs are loaded only from trusted directories, such as system32, and exclude the current working directory and user-writable paths.
4) Employ application whitelisting solutions to prevent unauthorized DLLs from executing.
5) Use endpoint detection and response (EDR) tools to monitor for suspicious DLL loading behaviours and privilege escalation attempts.
6) Educate users about the risk of executing untrusted files and the importance of declining suspicious prompts that require interaction.
7) Limit local user privileges to the minimum necessary to reduce the impact of a successful exploit.
8) Monitor logs for unusual activity related to StoreMI™ or for DLL loading failures.
These targeted actions go beyond generic advice and address the specific nature of the vulnerability.
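One way to turn mitigation items 5 and 8 (watch for suspicious DLL loads) into concrete detection logic is shown below. This is an added example, not part of the original advisory and not AMD's or StoreMI™'s own code. It reads Sysmon-style "image loaded" records (one per line, pipe-separated: timestamp, process image, loaded DLL, process integrity level, signature status) and flags DLLs that an elevated process pulled from a user-writable directory, which is the defender-visible footprint of a CWE-426 search-order hijack. The field layout, directory lists, process names and log lines are all constructed for the example, not a real Sysmon export format or real StoreMI™ paths.

```python
"""Detection pass for CWE-426 (untrusted search path) DLL loads.

Added example; assumes a pipe-separated, Sysmon-like image-load record
(timestamp|process|image|integrity|signed). All sample data is constructed.
"""
from dataclasses import dataclass

# Directories where a correctly packaged DLL is expected to live (assumption:
# a standard Windows layout on drive C:).
TRUSTED_DIR_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Path fragments that indicate a location an unprivileged user can write to.
USER_WRITABLE_FRAGMENTS = (
    "\\users\\",
    "\\temp\\",
    "\\appdata\\",
    "\\programdata\\",
    "\\public\\",
)

# Integrity levels at which a hijacked DLL yields privilege escalation.
ELEVATED_LEVELS = {"high", "system"}


@dataclass
class ImageLoad:
    timestamp: str
    process: str    # image path of the loading process
    image: str      # path of the DLL that was loaded
    integrity: str  # low / medium / high / system
    signed: bool    # whether the DLL carried a valid Authenticode signature


def normalize(path: str) -> str:
    """Lower-case and unify separators so prefix checks are case-insensitive."""
    return path.replace("/", "\\").lower()


def is_trusted_dir(path: str) -> bool:
    return normalize(path).startswith(TRUSTED_DIR_PREFIXES)


def is_user_writable(path: str) -> bool:
    p = normalize(path)
    return any(frag in p for frag in USER_WRITABLE_FRAGMENTS)


def parse_line(line: str) -> ImageLoad:
    """Parse one constructed record; raises ValueError on a malformed line."""
    ts, proc, image, integrity, signed = line.strip().split("|")
    return ImageLoad(ts, proc, image, integrity.lower(), signed.lower() == "true")


def classify(ev: ImageLoad) -> str:
    """Return a verdict for one image-load event.

    The alert case is the CWE-426 pattern: an elevated process loaded a DLL
    from a directory that an unprivileged user could have written to.
    """
    if is_trusted_dir(ev.image):
        return "ok" if ev.signed else "review-unsigned-in-trusted-dir"
    if is_user_writable(ev.image):
        if ev.integrity in ELEVATED_LEVELS:
            return "alert-elevated-load-from-user-writable"
        return "warn-load-from-user-writable"
    return "review-untrusted-dir"


def scan(log_text: str) -> list[tuple[str, str, str]]:
    """Return (verdict, process, image) for every event that is not plain 'ok'."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        verdict = classify(ev)
        if verdict != "ok":
            findings.append((verdict, ev.process, ev.image))
    return findings


# Constructed sample records; svc.exe stands in for any elevated vendor service.
SAMPLE_LOG = """\
2025-11-23T16:39:40Z|C:\\Program Files\\Vendor\\svc.exe|C:\\Windows\\System32\\kernel32.dll|High|true
2025-11-23T16:39:41Z|C:\\Program Files\\Vendor\\svc.exe|C:\\Program Files\\Vendor\\plugin.dll|High|true
2025-11-23T16:39:42Z|C:\\Program Files\\Vendor\\svc.exe|C:\\Users\\alice\\AppData\\Local\\Temp\\helper.dll|High|false
2025-11-23T16:39:43Z|C:\\Users\\alice\\Downloads\\setup.exe|C:\\Users\\alice\\Downloads\\helper.dll|Medium|false
2025-11-23T16:39:44Z|C:\\Program Files\\Vendor\\svc.exe|C:\\Windows\\System32\\odd.dll|High|false
"""

if __name__ == "__main__":
    for verdict, proc, image in scan(SAMPLE_LOG):
        print(f"{verdict:42} {proc} -> {image}")
```

Only the third sample line produces an alert: the elevated service loaded an unsigned DLL from a per-user Temp directory. The same DLL loaded by a medium-integrity installer from Downloads is only a warning, because no privilege boundary is crossed, and an unsigned DLL inside System32 is queued for review rather than alerted, since the directory itself is not user-writable. Feeding real Sysmon Event ID 7 data into this requires mapping its fields onto the record layout assumed here.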
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: AMD
- Date Reserved: 2024-01-03T16:43:09.232Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 692338cc77ebf6e86e4a938c
Added to database: 11/23/2025, 4:39:40 PM
Last enriched: 11/23/2025, 4:54:56 PM
Last updated: 11/23/2025, 7:27:55 PM