Incomplete Cleanup

CVE-2024-21977

Low

3.2/10

Summary

Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: LOW
Scope: CHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-459 - Incomplete Cleanup

The software does not properly "clean up" and remove temporary or supporting resources after they have been used.

References

Advisory Timeline

Published Sep 05, 2025

Incomplete Cleanup

CVE-2024-21977

Summary

CWE-459 - Incomplete Cleanup

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS