Insufficient Granularity of Access Control

CVE-2024-21962

High

8.6/10

Summary

Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution.

Attack Complexity: LOW
Attack Vector: LOCAL
User Interaction: ACTIVE
Privileges Required: LOW

CWE-1220 - Insufficient Granularity of Access Control

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

References

Advisory Timeline

Published May 15, 2026

Insufficient Granularity of Access Control

CVE-2024-21962

Summary

CWE-1220 - Insufficient Granularity of Access Control

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS