CVE-2024-21980

Summary
Assigner: AMD
Assigner Org ID: b58fc414-a1e4-4f92-9d70-1add41838648
Published At: 05 Aug, 2024 | 16:06
Updated At: 05 Aug, 2024 | 21:00

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.

Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner: AMD
Assigner Org ID: b58fc414-a1e4-4f92-9d70-1add41838648
Published At: 05 Aug, 2024 | 16:06
Updated At: 05 Aug, 2024 | 21:00

CVE Numbering Authority (CNA)

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.

Affected Products

Vendor: Advanced Micro Devices, Inc. (AMD)
Product: 3rd Gen AMD EPYC™ Processors
Default Status: affected
Versions Affected:
  • From various before MilanPI 1.0.0.D (Platform Initialization)

Vendor: Advanced Micro Devices, Inc. (AMD)
Product: 4th Gen AMD EPYC™ Processors
Default Status: affected
Versions Affected:
  • From various before GenoaPI 1.0.0.C (Platform Initialization)

Vendor: Advanced Micro Devices, Inc. (AMD)
Product: AMD EPYC™ Embedded 7003
Default Status: affected
Versions Affected:
  • From various before EmbMilanPI-SP3 1.0.0.9 (Platform Initialization)

Vendor: Advanced Micro Devices, Inc. (AMD)
Product: AMD EPYC™ Embedded 9003
Default Status: affected
Versions Affected:
  • From various before EmbGenoaPI-SP5 1.0.0.7 (Platform Initialization)

Problem Types
Type: CWE
CWE ID: CWE-119
Description: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Metrics
Version: 3.1
Base score: 7.9
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

References
Hyperlink: https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html
Resource: vendor-advisory

Authorized Data Publishers (ADP)
CISA ADP Vulnrichment

Affected Products

Vendor: Advanced Micro Devices, Inc. (amd)
Product: epyc_7003_firmware
CPEs:
  • cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*
Default Status: unknown
Versions Affected:
  • From 0 before milanpi_1.0.0.9_sp3 (custom)

Vendor: Advanced Micro Devices, Inc. (amd)
Product: epyc_9003_firmware
CPEs:
  • cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*
Default Status: unknown
Versions Affected:
  • From 0 before genoapi_1.0.0.7_sp5 (custom)

Vendor: Advanced Micro Devices, Inc. (amd)
Product: epyc_7773x_firmware
CPEs:
  • cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*
Default Status: unknown
Versions Affected:
  • From 0 before milanpi_1.0.0.d (custom)

Vendor: Advanced Micro Devices, Inc. (amd)
Product: epyc_9754s_firmware
CPEs:
  • cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*
Default Status: unknown
Versions Affected:
  • From 0 before genoapi_1.0.0.c (custom)

National Vulnerability Database (NVD)
nvd.nist.gov
Source: psirt@amd.com
Published At: 05 Aug, 2024 | 16:15
Updated At: 26 Nov, 2024 | 19:13

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A

Metrics

Type: Secondary
Version: 3.1
Base score: 7.9
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Type: Primary
Version: 3.1
Base score: 7.9
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

CPE Matches
Vendor (all entries): Advanced Micro Devices, Inc. (amd)

  • epyc_7203_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7203_firmware:*:*:*:*:*:*:*:*
  • epyc_7203, version -: cpe:2.3:h:amd:epyc_7203:-:*:*:*:*:*:*:*
  • epyc_7203p_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7203p_firmware:*:*:*:*:*:*:*:*
  • epyc_7203p, version -: cpe:2.3:h:amd:epyc_7203p:-:*:*:*:*:*:*:*
  • epyc_72f3_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_72f3_firmware:*:*:*:*:*:*:*:*
  • epyc_72f3, version -: cpe:2.3:h:amd:epyc_72f3:-:*:*:*:*:*:*:*
  • epyc_7303_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7303_firmware:*:*:*:*:*:*:*:*
  • epyc_7303, version -: cpe:2.3:h:amd:epyc_7303:-:*:*:*:*:*:*:*
  • epyc_7303p_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7303p_firmware:*:*:*:*:*:*:*:*
  • epyc_7303p, version -: cpe:2.3:h:amd:epyc_7303p:-:*:*:*:*:*:*:*
  • epyc_7313_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:*
  • epyc_7313, version -: cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:*
  • epyc_7313p_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:*
  • epyc_7313p, version -: cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:*
  • epyc_7343_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:*
  • epyc_7343, version -: cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:*
  • epyc_73f3_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:*
  • epyc_73f3, version -: cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:*
  • epyc_7373x_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7373x_firmware:*:*:*:*:*:*:*:*
  • epyc_7373x, version -: cpe:2.3:h:amd:epyc_7373x:-:*:*:*:*:*:*:*
  • epyc_7413_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:*
  • epyc_7413, version -: cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:*
  • epyc_7443_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:*
  • epyc_7443, version -: cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:*
  • epyc_7443p_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:*
  • epyc_7443p, version -: cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:*
  • epyc_74f3_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:*
  • epyc_74f3, version -: cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:*
  • epyc_7453_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:*
  • epyc_7453, version -: cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:*
  • epyc_7473x_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7473x_firmware:*:*:*:*:*:*:*:*
  • epyc_7473x, version -: cpe:2.3:h:amd:epyc_7473x:-:*:*:*:*:*:*:*
  • epyc_7513_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:*
  • epyc_7513, version -: cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:*
  • epyc_7543_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:*
  • epyc_7543, version -: cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:*
  • epyc_7543p_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:*
  • epyc_7543p, version -: cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:*
  • epyc_75f3_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:*
  • epyc_75f3, version -: cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:*
  • epyc_7573x_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7573x_firmware:*:*:*:*:*:*:*:*
  • epyc_7573x, version -: cpe:2.3:h:amd:epyc_7573x:-:*:*:*:*:*:*:*
  • epyc_7643_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:*
  • epyc_7643, version -: cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:*
  • epyc_7773x_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7773x_firmware:*:*:*:*:*:*:*:*
  • epyc_7773x, version -: cpe:2.3:h:amd:epyc_7773x:-:*:*:*:*:*:*:*
  • epyc_7643p_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7643p_firmware:*:*:*:*:*:*:*:*
  • epyc_7643p, version -: cpe:2.3:h:amd:epyc_7643p:-:*:*:*:*:*:*:*
  • epyc_7663_firmware, versions before milanpi_1.0.0.d (exclusive): cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:*
  • epyc_7663, version -: cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:*

Weaknesses

CWE ID: CWE-119
Type: Secondary
Source: psirt@amd.com

CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov

References
Hyperlink: https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html
Source: psirt@amd.com
Resource: Broken Link