CVE-2024-21980
EUVD-2024-1958605.08.2024, 16:15
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| amd | epyc_7003_firmware | 𝑥 < milanpi_1.0.0.9_sp3 | ADP |
| amd | epyc_9003_firmware | 𝑥 < genoapi_1.0.0.7_sp5 | ADP |
| amd | epyc_7773x_firmware | 𝑥 < milanpi_1.0.0.d | ADP |
| amd | epyc_9754s_firmware | 𝑥 < genoapi_1.0.0.c | ADP |
Common Weakness Enumeration
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.