CVE-2024-21944 | ByteOS Network

Vulnerability Details :

CVE-2024-21944

Assigner-AMD

Assigner Org ID-b58fc414-a1e4-4f92-9d70-1add41838648

Published At-10 Jun, 2026 | 21:54

Updated At-10 Jun, 2026 | 21:54

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.

▼Common Vulnerabilities and Exposures (CVE)

Assigner:AMD

Assigner Org ID:b58fc414-a1e4-4f92-9d70-1add41838648

Published At:10 Jun, 2026 | 21:54

Updated At:10 Jun, 2026 | 21:54

▼CVE Numbering Authority (CNA)

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.

Affected Products

Vendor

Advanced Micro Devices, Inc.

Product

AMD EPYC™ 7003 Series Processors

Default Status

affected

Versions

Unaffected

Milan PI 1.0.0.D
SEV FW 1.55.22 (hex 1.37.16)

Vendor

Advanced Micro Devices, Inc.

Product

AMD EPYC™ 9004 Series Processor

Default Status

affected

Versions

Unaffected

Genoa PI 1.0.0.D
SEV FW 1.55.38 (hex 1.37.26)

Problem Types

Type	CWE ID	Description
CWE	CWE-20	CWE-20 Improper input validation

Type: CWE

CWE ID: CWE-20

Description: CWE-20 Improper input validation

Metrics

Version	Base score	Base severity	Vector
3.1	5.3	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

References

Hyperlink	Resource
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3015.html	N/A

Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3015.html

Resource: N/A

▼National Vulnerability Database (NVD)

Source:psirt@amd.com

Published At:10 Jun, 2026 | 23:16

Updated At:10 Jun, 2026 | 23:16

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.3	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

Weaknesses

CWE ID	Type	Source
CWE-20	Secondary	psirt@amd.com

CWE ID: CWE-20

Type: Secondary

Source: psirt@amd.com

References

Hyperlink	Source	Resource
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3015.html	psirt@amd.com	N/A

Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3015.html

Source: psirt@amd.com

Resource: N/A

Similar CVEs

56Records found

Matching Score-6

Assigner-Advanced Micro Devices Inc.

Matching Score-6

Assigner-Advanced Micro Devices Inc.

CVSS Score-8.4||HIGH

EPSS-0.03% / 9.65%

||

7 Day CHG~0.00%

Published-15 May, 2026 | 01:52

Updated-15 May, 2026 | 14:10

Improper input validation within the AMD Platform Management Framework (PMF) could allow an attacker to unmap arbitrary memory pages potentially impacting integrity and availability, or allowing privilege escalation resulting in loss of confidentiality.

Vendor-Advanced Micro Devices, Inc.

Product-AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Phoenix")AMD Ryzen™ AI 300 Series Processors (formerly codenamed "Strix Point")AMD Ryzen™ Embedded 8000 Series Processors AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Hawk Point")AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics (formerly codenamed "Rembrandt R")AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics (formerly codenamed "Rembrandt")AMD Ryzen™ Al Max+

CWE ID-CWE-20

Improper Input Validation

Matching Score-6

Assigner-Advanced Micro Devices Inc.

Matching Score-6

Assigner-Advanced Micro Devices Inc.

CVSS Score-8.2||HIGH

EPSS-0.07% / 21.26%

||

7 Day CHG~0.00%

Published-11 Feb, 2025 | 20:39

Updated-15 Apr, 2026 | 00:35

Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.

Vendor-Advanced Micro Devices, Inc.

Product-AMD Ryzen™ Embedded 7000 AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics AMD EPYC™ 7002 Processors AMD Ryzen™ Threadripper™ 3000 Series Processors AMD Ryzen™ Embedded R1000 AMD Ryzen™ Embedded 8000 AMD Ryzen™ Embedded R2000 AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics AMD Ryzen™ 7000 Series Mobile Processors AMD Ryzen™ 5000 Series Desktop Processors AMD EPYC™ 7003 Processors AMD Ryzen™ 7000 Series Desktop Processors AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics AMD Ryzen™ Embedded V1000 AMD Ryzen™ Embedded 5000 AMD EPYC™ Embedded 3000 AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics AMD EPYC™ 9004 Processors AMD EPYC™ 7001 Processors AMD Ryzen™ Embedded V3000 AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics AMD Ryzen™ 3000 Series Desktop Processors AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors AMD EPYC™ Embedded 7003 AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics AMD EPYC™ Embedded 7002 AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics AMD EPYC™ Embedded 9004 AMD Ryzen™ Embedded V2000 AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics

CWE ID-CWE-20

Improper Input Validation

Matching Score-6

Assigner-Advanced Micro Devices Inc.

Matching Score-6

Assigner-Advanced Micro Devices Inc.

CVSS Score-7.5||HIGH

EPSS-0.15% / 35.55%

||

7 Day CHG~0.00%

Published-14 Nov, 2023 | 18:52

Updated-03 Aug, 2024 | 03:51

Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.

Vendor-Advanced Micro Devices, Inc.

Product-ryzen_9_5900x ryzen_5_6600h_firmware ryzen_5_3580u athlon_3015ce ryzen_7_4800u_firmware ryzen_5_5500x_firmware ryzen_5_pro_5645 ryzen_3_3100_firmware ryzen_threadripper_2950x_firmware ryzen_7_7735hs_firmware ryzen_9_3900x ryzen_5_pro_3350ge_firmware ryzen_9_5900x_firmware ryzen_9_6900hx_firmware ryzen_9_5980hx athlon_3015e ryzen_7_5800hs ryzen_5_5500h ryzen_5_5600x ryzen_9_5900_firmware ryzen_5_5600hs ryzen_5_3600xt_firmware ryzen_7_5825u ryzen_7_5825u_firmware ryzen_5_3600x_firmware ryzen_7_3750h_firmware ryzen_threadripper_3960x_firmware ryzen_5_6600h ryzen_threadripper_3960x ryzen_threadripper_2950x ryzen_5_4500u_firmware ryzen_9_6980hx ryzen_threadripper_pro_3975wx ryzen_5_5560u ryzen_3_3100 ryzen_7_3750h ryzen_5_6600hs ryzen_7_3780u ryzen_7_pro_5845 athlon_3015e_firmware ryzen_9_5900hs ryzen_9_4900hs ryzen_7_4980u_firmware ryzen_threadripper_2920x ryzen_9_5980hs ryzen_7_3700c ryzen_5_pro_3350g_firmware ryzen_7_3800xt_firmware ryzen_3_5125c_firmware ryzen_5_55003xd_firmware ryzen_9_6900hx ryzen_7_5800h_firmware ryzen_9_6900hs ryzen_3_3300x ryzen_7_3700x ryzen_5_3500u ryzen_5_5500 ryzen_3_5400u ryzen_9_4900hs_firmware ryzen_9_4900h_firmware ryzen_5_5600_firmware ryzen_7_5800x ryzen_5_3550h ryzen_5_4500u ryzen_9_pro_5945 ryzen_threadripper_3990x_firmware ryzen_7_3780u_firmware ryzen_9_3900 ryzen_3_4300u ryzen_7_4800h_firmware ryzen_3_4300u_firmware ryzen_5_5600x_firmware ryzen_9_3900_firmware ryzen_7_3700x_firmware ryzen_5_pro_3350g ryzen_7_4980u ryzen_9_5900 ryzen_9_5980hs_firmware ryzen_7_6800h_firmware ryzen_7_6800u_firmware ryzen_7_7735u ryzen_threadripper_3990x ryzen_5_3500c_firmware ryzen_5_5600hs_firmware ryzen_5_56003xd ryzen_3_3350u_firmware ryzen_5_5600h_firmware ryzen_7_5700 ryzen_5_4680u ryzen_3_5400u_firmware ryzen_9_6900hs_firmware ryzen_3_3300u_firmware ryzen_7_5800 ryzen_7_4700u ryzen_7_6800hs_firmware ryzen_7_3800x ryzen_5_7535u ryzen_5_4600u ryzen_9_5950x ryzen_5_3600_firmware ryzen_5_5500_firmware ryzen_5_3580u_firmware ryzen_threadripper_2990wx_firmware ryzen_5_3500c ryzen_5_4600h ryzen_5_4600u_firmware ryzen_5_56003xd_firmware ryzen_3_3300x_firmware ryzen_5_5600h ryzen_7_6800hs ryzen_5_pro_3400g_firmware ryzen_9_3900xt_firmware ryzen_5_7535u_firmware ryzen_7_6800u ryzen_3_3300u ryzen_7_7736u ryzen_5_3600xt ryzen_3_5425u_firmware ryzen_7_7735hs ryzen_5_3500x_firmware ryzen_9_3900xt ryzen_5_3550h_firmware ryzen_7_4800h ryzen_5_5600u ryzen_9_4900h ryzen_9_5900hx_firmware ryzen_5_3500x ryzen_9_5950x_firmware athlon_3015ce_firmware ryzen_threadripper_2970wx ryzen_7_4800hs ryzen_7_3700u_firmware ryzen_7_5800x_firmware ryzen_5_5625u ryzen_5_6600u ryzen_5_pro_3400g ryzen_threadripper_2920x_firmware ryzen_7_4800hs_firmware ryzen_9_6980hs_firmware ryzen_5_3450u ryzen_3_5125c ryzen_7_3800x_firmware ryzen_5_pro_3350ge ryzen_9_6980hx_firmware ryzen_7_7735u_firmware ryzen_7_pro_5845_firmware ryzen_threadripper_pro_3945wx_firmware ryzen_9_5900hs_firmware ryzen_5_5600u_firmware ryzen_5_3600x ryzen_5_6600u_firmware ryzen_3_7335u ryzen_7_3800xt ryzen_threadripper_2970wx_firmware ryzen_7_5700_firmware ryzen_5_7535hs_firmware ryzen_9_3950x_firmware ryzen_9_pro_5945_firmware ryzen_threadripper_pro_3995wx ryzen_5_4600h_firmware ryzen_5_7535hs ryzen_7_3700c_firmware ryzen_7_5700x_firmware ryzen_threadripper_pro_3955wx ryzen_5_4600hs ryzen_7_5800u_firmware ryzen_7_7736u_firmware ryzen_9_3900x_firmware ryzen_7_4700u_firmware ryzen_7_3700u ryzen_5_6600hs_firmware ryzen_5_pro_5645_firmware ryzen_3_3350u ryzen_5_3500_firmware ryzen_3_5425u ryzen_threadripper_pro_3955wx_firmware ryzen_7_5800_firmware ryzen_9_5980hx_firmware ryzen_3_5100_firmware ryzen_5_5560u_firmware ryzen_threadripper_pro_3995wx_firmware ryzen_7_5800u ryzen_9_5900hx ryzen_5_4680u_firmware ryzen_5_4600hs_firmware ryzen_5_pro_3400ge ryzen_5_5500h_firmware ryzen_9_3950x ryzen_threadripper_2990wx ryzen_5_5600 ryzen_threadripper_3970x ryzen_3_5100 ryzen_5_3500 ryzen_7_5800h ryzen_5_3450u_firmware ryzen_threadripper_pro_3945wx ryzen_5_3600 ryzen_5_pro_3400ge_firmware ryzen_threadripper_3970x_firmware ryzen_5_3500u_firmware ryzen_threadripper_pro_3975wx_firmware ryzen_7_5800hs_firmware ryzen_7_4800u ryzen_5_5625u_firmware ryzen_3_7335u_firmware ryzen_7_5700x ryzen_9_6980hs ryzen_7_6800h AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5 AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT AMD Ryzen™ 5000 Series Desktop Processors “Vermeer”AMD EPYC™ Embedded 7003 AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4 3rd Gen AMD EPYC™ Processors AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3 AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6 AMD Ryzen™ Threadripper™ 2000 Series Processors “Colfax”AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”Ryzen™ 3000 series Desktop Processors “Matisse"AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”

CWE ID-CWE-20

Improper Input Validation

Matching Score-6

Assigner-Advanced Micro Devices Inc.

Matching Score-6

Assigner-Advanced Micro Devices Inc.

CVSS Score-8.2||HIGH

EPSS-0.04% / 14.27%

||

7 Day CHG~0.00%

Published-11 Feb, 2025 | 20:52

Updated-15 Apr, 2026 | 00:35

SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution.

Vendor-Advanced Micro Devices, Inc.

Product-AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics AMD Ryzen™ 5000 Series Desktop Processors AMD Ryzen™ Embedded V1000 AMD Ryzen™ Embedded 5000 AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics AMD Ryzen™ Threadripper™ 3000 Series Processors AMD Ryzen™Embedded R2000 AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics AMD Ryzen™ Embedded 8000 AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics AMD Ryzen™ Embedded V2000 AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics AMD Ryzen™ Embedded R1000 AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors AMD Ryzen™ 7000 Series Mobile Processors AMD Ryzen™ 3000 Series Desktop Processors AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors AMD Ryzen™ 7000 Series Desktop Processors AMD Ryzen™ Embedded V3000 AMD Ryzen™ Embedded 7000 AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics

CWE ID-CWE-20

Improper Input Validation

Matching Score-6

Assigner-Advanced Micro Devices Inc.

Matching Score-6

Assigner-Advanced Micro Devices Inc.

CVSS Score-7.5||HIGH

EPSS-0.39% / 60.38%

||

7 Day CHG~0.00%

Published-09 Nov, 2022 | 20:45

Updated-01 May, 2025 | 15:15

Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.

Vendor-FreeBSD Foundation Linux Kernel Organization, Inc Microsoft Corporation Advanced Micro Devices, Inc.

Product-amd_uprof windows freebsd linux_kernel AMD μProf

CWE ID-CWE-20

Improper Input Validation

Matching Score-6

Assigner-Advanced Micro Devices Inc.

Matching Score-6

Assigner-Advanced Micro Devices Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.10% / 26.72%

||

7 Day CHG~0.00%

Published-15 Aug, 2023 | 21:07

Updated-08 Oct, 2024 | 19:31

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution.

Vendor-Advanced Micro Devices, Inc.Microsoft Corporation

Product-ryzen_master_monitoring_sdk windows_11 ryzen_master windows_10 Ryzen™ Master ryzen

CWE ID-CWE-20

Improper Input Validation