CVE-2024-21978

Summary

Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.

Affected Software

VendorProductVersion RangeStatus
AMD3rd Gen AMD EPYC™ Processorsvarious < MilanPI 1.0.0.Daffected
AMD4th Gen AMD EPYC™ Processorsvarious < GenoaPI 1.0.0.Caffected
AMDAMD EPYC™ Embedded 7003various < EmbMilanPI-SP3 1.0.0.9affected
AMDAMD EPYC™ Embedded 9003various < EmbGenoaPI-SP5 1.0.0.7affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References