CVE-2024-21944
5.3
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
Summary
Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | AMD EPYC™ 7003 Series Processors | Milan PI 1.0.0.D | unaffected |
| AMD | AMD EPYC™ 7003 Series Processors | SEV FW 1.55.22 (hex 1.37.16) | unaffected |
| AMD | AMD EPYC™ 9004 Series Processor | Genoa PI 1.0.0.D | unaffected |
| AMD | AMD EPYC™ 9004 Series Processor | SEV FW 1.55.38 (hex 1.37.26) | unaffected |
Weaknesses
- CWE-20: CWE-20 Improper input validation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.