CVE-2024-21978

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.9HIGH

EPSS

1.6%

top 17.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD 3RD GEN AMD Epyc™ Processors AMD 4TH GEN AMD Epyc™ Processors AMD AMD Epyc™ Embedded 7003 +87 more

Timeline

PublishedAug 5

Description

Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 0.8 | Impact: 5.2

Affected Packages90 packages

▶NVDamd/epyc_7203_firmware< milanpi_1.0.0.d

▶NVDamd/epyc_72f3_firmware< milanpi_1.0.0.d

▶NVDamd/epyc_7303_firmware< milanpi_1.0.0.d

▶NVDamd/epyc_7313_firmware< milanpi_1.0.0.d

▶NVDamd/epyc_7343_firmware< milanpi_1.0.0.d

🔴Vulnerability Details

CVEList

CVE-2024-21978: Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data↗2024-08-05

▶

GHSA

GHSA-rf8m-mggj-3g74: Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data↗2024-08-05

▶

📋Vendor Advisories

Red Hat

linux-firmware: hw:amd: Improper input validation in SEV-SNP↗2024-08-05

▶