CVE-2024-21944

Published: Jun 10, 2026Modified: Jun 11, 2026

5.3

Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

Exploitability: 0.8 / Impact: 4.0

Source: psirt@amd.com (Secondary)

Description

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (1)

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3015.html

Source: psirt@amd.com

Timeline

No history available yet.