CVE-2024-21953

Summary

Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 9004 Series ProcessorsGenoaPI 1.0.0.Funaffected
AMDAMD EPYC™ 8004 Series ProcessorsGenoaPI 1.0.0.Funaffected
AMDAMD EPYC™ Embedded 9004 Series ProcessorsEmbGenoaPI-SP5 1.0.0.Bunaffected

Weaknesses

  • CWE-1284: CWE-1284 Improper Validation of Specified Quantity in Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References