CVE-2024-21944

Summary

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 7003 Series ProcessorsMilan PI 1.0.0.Dunaffected
AMDAMD EPYC™ 7003 Series ProcessorsSEV FW 1.55.22 (hex 1.37.16)unaffected
AMDAMD EPYC™ 9004 Series ProcessorGenoa PI 1.0.0.Dunaffected
AMDAMD EPYC™ 9004 Series ProcessorSEV FW 1.55.38 (hex 1.37.26)unaffected

Weaknesses

  • CWE-20: CWE-20 Improper input validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References