CVE-2024-21922: CWE-426 Untrusted Search Path in AMD AMD StoreMI™
A DLL hijacking vulnerability in AMD StoreMI™ could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
AI Analysis
Technical Summary
CVE-2024-21922 is a DLL hijacking vulnerability classified under CWE-426 (Untrusted Search Path) affecting AMD StoreMI™, a storage acceleration product by AMD. The vulnerability occurs because the software improperly searches for DLLs in directories that can be influenced by an attacker, allowing malicious DLLs to be loaded instead of legitimate ones. This can be exploited by a local attacker with limited privileges who can trick the system into loading a crafted DLL, resulting in privilege escalation. The attacker must have some level of access to the system and user interaction is required to trigger the exploit. Successful exploitation can lead to arbitrary code execution with elevated privileges, compromising system confidentiality, integrity, and availability. The affected versions are end-of-life with no planned fixes, which means users must rely on mitigation strategies rather than patches. The CVSS v3.1 score is 7.3 (high), reflecting the vulnerability’s significant impact and relatively low complexity of exploitation. No known exploits have been reported in the wild yet, but the risk remains substantial due to the nature of DLL hijacking and the lack of remediation options. The vulnerability highlights the risks of legacy software components in modern environments and the importance of secure DLL loading practices.
Potential Impact
For European organizations, this vulnerability poses a significant risk especially in environments where AMD StoreMI™ is deployed on workstations or servers. The privilege escalation can allow attackers to bypass security controls, install persistent malware, or exfiltrate sensitive data, impacting confidentiality and integrity. Availability can also be affected if attackers disrupt storage acceleration services or cause system instability. Critical sectors such as finance, healthcare, and government could face severe operational disruptions and data breaches. The lack of patches increases exposure, particularly in organizations with legacy systems or limited hardware refresh cycles. Attackers with local access—such as through phishing or insider threats—could leverage this vulnerability to gain elevated privileges, making endpoint security and internal access controls crucial. The threat is amplified in environments where StoreMI™ is used to optimize storage performance, as attackers could manipulate storage-related processes to further their objectives.
Mitigation Recommendations
Since no patches are planned for the affected versions of AMD StoreMI™, European organizations should consider the following specific mitigations:
1) Uninstall or disable AMD StoreMI™ where feasible, especially on critical systems.
2) Implement strict application whitelisting to prevent unauthorized DLLs from loading.
3) Restrict DLL search paths by configuring system policies or by using Windows loader controls such as Microsoft's SetDllDirectory so that only trusted directories are searched.
4) Employ endpoint detection and response (EDR) solutions to monitor for suspicious DLL loading activity, such as a privileged process loading a DLL from a user-writable directory.
5) Limit local user privileges and enforce the principle of least privilege to reduce the attack surface.
6) Conduct regular audits to identify systems running StoreMI™ and assess exposure.
7) Educate users about the risks of executing untrusted files or interacting with suspicious prompts that could trigger the exploit.
8) Consider hardware upgrades or migration to supported storage acceleration solutions with active security maintenance.
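The following is an added example of the detection logic behind mitigation 4; it is not code from this advisory or from AMD. It scans image-load records modeled on Sysmon Event ID 7 ("Image loaded") and flags the CWE-426 pattern: a DLL resolved from a user-writable or otherwise untrusted directory, an image that is not validly signed, or a well-known System32 DLL name resolved from somewhere else. The record format, the process path (storemi_placeholder.exe), the directory lists and all log lines are constructed placeholders, not real StoreMI artifacts.

```python
"""Detection logic for CWE-426-style DLL search-order hijacking.

Added example (not from the advisory or from AMD). Scans image-load
records modeled on Sysmon Event ID 7 and flags loads matching the hijack
pattern. All paths, process names and log lines are constructed.
"""
import ntpath
import re
from dataclasses import dataclass

# Directories from which a privileged service is expected to load DLLs.
TRUSTED_DIR_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)
SYSTEM_DIR_PREFIXES = TRUSTED_DIR_PREFIXES[:2]

# Locations a standard user can normally write to; a privileged process
# resolving a DLL here is the core search-path hijack indicator.
USER_WRITABLE_PATTERNS = tuple(
    re.compile(p, re.IGNORECASE)
    for p in (
        r"^c:\\users\\[^\\]+\\",
        r"^c:\\windows\\temp\\",
        r"^c:\\programdata\\",
        r"^c:\\temp\\",
    )
)

# Constructed subset of DLL names that ship in System32; the same name
# resolved anywhere else suggests the search order was redirected.
KNOWN_SYSTEM_DLLS = {"kernel32.dll", "user32.dll", "advapi32.dll", "version.dll"}


@dataclass(frozen=True)
class Finding:
    process: str
    dll: str
    reasons: tuple


def parse_event(line):
    """Parse a 'Key=Value|Key=Value' record (constructed format) into a dict."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def is_user_writable(path):
    return any(p.match(path) for p in USER_WRITABLE_PATTERNS)


def assess(event):
    """Return the reasons an image load looks like a hijack (empty if clean)."""
    dll = event.get("ImageLoaded", "")
    low = dll.lower()
    reasons = []
    if is_user_writable(dll):
        reasons.append("loaded from user-writable directory")
    elif not low.startswith(TRUSTED_DIR_PREFIXES):
        reasons.append("loaded from outside trusted program/system directories")
    signed_ok = (event.get("Signed", "").lower() == "true"
                 and event.get("SignatureStatus", "").lower() == "valid")
    if not signed_ok:
        reasons.append("image is not validly signed")
    name = ntpath.basename(low)
    if name in KNOWN_SYSTEM_DLLS and not low.startswith(SYSTEM_DIR_PREFIXES):
        reasons.append(f"{name} is a system DLL name resolved outside System32")
    return reasons


def scan(lines, process_filter=None):
    """Scan records; optionally keep only processes whose path contains process_filter."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        proc = ev.get("Image", "")
        if process_filter and process_filter.lower() not in proc.lower():
            continue
        reasons = assess(ev)
        if reasons:
            findings.append(Finding(proc, ev.get("ImageLoaded", ""), tuple(reasons)))
    return findings


# Constructed sample records; the process name is a placeholder, not a real binary.
PROC = "Image=C:\\Program Files\\AMD\\StoreMI\\storemi_placeholder.exe"
SAMPLE_EVENTS = [
    PROC + "|ImageLoaded=C:\\Windows\\System32\\kernel32.dll|Signed=true|SignatureStatus=Valid",
    PROC + "|ImageLoaded=C:\\Program Files\\AMD\\StoreMI\\helper.dll|Signed=true|SignatureStatus=Valid",
    PROC + "|ImageLoaded=C:\\Users\\alice\\AppData\\Local\\Temp\\version.dll|Signed=false|SignatureStatus=Unavailable",
    PROC + "|ImageLoaded=C:\\ProgramData\\cache\\plugin.dll|Signed=true|SignatureStatus=Valid",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS, process_filter="storemi"):
        print(f"{f.process} -> {f.dll}: {'; '.join(f.reasons)}")
```

The user-writable check is evaluated before the trusted-directory check on purpose: a load from a user profile is the strongest signal and should not be masked by a broader "untrusted" label. In production the record parser would be replaced by the SIEM's own field extraction, and the trusted-directory list would be narrowed to the product's actual install path.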
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: AMD
- Date Reserved: 2024-01-03T16:43:09.232Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 692338cc77ebf6e86e4a938c
Added to database: 11/23/2025, 4:39:40 PM
Last enriched: 11/30/2025, 5:07:05 PM
Last updated: 1/8/2026, 2:31:51 PM