5.3

CVE-2024-21944

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerAMD
Produkt AMD EPYC™ 7003 Series Processors
Default Statusaffected
Version Milan PI 1.0.0.D
Status unaffected
Version SEV FW 1.55.22 (hex 1.37.16)
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ 9004 Series Processor
Default Statusaffected
Version Genoa PI 1.0.0.D
Status unaffected
Version SEV FW 1.55.38 (hex 1.37.26)
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.126
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@amd.com 5.3 0.8 4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3015.html