CVE-2024-21980

Summary

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.

Affected Software

VendorProductVersion RangeStatus
AMD3rd Gen AMD EPYC™ Processorsvarious < MilanPI 1.0.0.Daffected
AMD4th Gen AMD EPYC™ Processorsvarious < GenoaPI 1.0.0.Caffected
AMDAMD EPYC™ Embedded 7003various < EmbMilanPI-SP3 1.0.0.9affected
AMDAMD EPYC™ Embedded 9003various < EmbGenoaPI-SP5 1.0.0.7affected

Weaknesses

  • CWE-119: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References