CVE-2024-21961

Summary

Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack against the host resulting in loss of availability.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 7002 Series ProcessorsNo Fix Plannedunaffected
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsErrata #1165,1166,1526unaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsErrata #1526unaffected
AMDAMD Ryzen™ 5000 Series Desktop ProcessorsErrata #1165,1166,1526unaffected
AMDAMD Ryzen™ 3000 Series Desktop ProcessorsErrata #1165,1166,1526unaffected
AMDAMD Ryzen™ Z1 Series ProcessorsErrata #1526unaffected
AMDAMD Ryzen™ 7040 Series Mobile Processors with Radeon™ GraphicsErrata #1526unaffected
AMDAMD Ryzen™ 8040 Series Mobile Processors with Radeon™ GraphicsErrata #1526unaffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsErrata #1526unaffected
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsErrata #1165,1166,1526unaffected
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsErrata #1526unaffected
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsErrata #1165,1166,1526unaffected
AMDAMD Ryzen™ 7045 Series Mobile Processors with Radeon™ GraphicsErrata #1526unaffected
AMDAMD Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsErrata #1165,1166,1526unaffected
AMDAMD Ryzen™ 4000 Series Desktop ProcessorsErrata #1165,1166,1526unaffected
AMDAMD Ryzen™ Z2 Series ProcessorsErrata #1526unaffected
AMDAMD Ryzen™ 8040 Series Mobile Processors with Radeon™ GraphicsErrata #1526unaffected
AMDAMD EPYC™ Embedded 7002 Series ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ Embedded 5000 Series ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ Embedded V2000 Series ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ Embedded V3000 Series ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ Embedded 8000 Series ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ Embedded 7000 Series ProcessorsNo fix plannedunaffected

Weaknesses

  • CWE-119: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References