CVE-2024-21944 PUBLISHED

Assigner: AMD
Reserved: 03.01.2024 Published: 10.06.2026 Updated: 11.06.2026

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
CVSS Score: 5.3

Product Status

Vendor: AMD
Product: AMD EPYC™ 7003 Series Processors
Versions (Default: affected)
  • Version Milan PI 1.0.0.D is unaffected
  • Version SEV FW 1.55.22 (hex 1.37.16) is unaffected

Vendor: AMD
Product: AMD EPYC™ 9004 Series Processor
Versions (Default: affected)
  • Version Genoa PI 1.0.0.D is unaffected
  • Version SEV FW 1.55.38 (hex 1.37.26) is unaffected

Problem Types

  • CWE-20 Improper input validation