5.3
CVE-2024-21944
- EPSS 0.22%
- Veröffentlicht 10.06.2026 21:54:19
- Zuletzt bearbeitet 11.06.2026 14:43:18
- Quelle psirt@amd.com
- CVE-Watchlists
- Unerledigt
Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerAMD
≫
Produkt
AMD EPYC™ 7003 Series Processors
Default Statusaffected
Version
Milan PI 1.0.0.D
Status
unaffected
Version
SEV FW 1.55.22 (hex 1.37.16)
Status
unaffected
HerstellerAMD
≫
Produkt
AMD EPYC™ 9004 Series Processor
Default Statusaffected
Version
Genoa PI 1.0.0.D
Status
unaffected
Version
SEV FW 1.55.38 (hex 1.37.26)
Status
unaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.126 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@amd.com | 5.3 | 0.8 | 4 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3015.html