Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for AMD Instinct™ MI300X by AMD

    CVE-2024-21950 (GCVE-0-2024-21950)

    Vulnerability from nvd – Published: 2026-05-15 03:00 – Updated: 2026-05-15 11:12
    VLAI
    Summary
    An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    AMD
    Date Public
    2026-05-15 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21950",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-15T11:12:24.735247Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-15T11:12:35.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122  MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "No fix planned"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122  MI300A",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "No fix planned"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122  MI325X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "No fix planned"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122  MI308X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "No fix planned"
                }
              ]
            }
          ],
          "datePublic": "2026-05-15T03:00:09.088Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability.\u003cbr\u003e"
                }
              ],
              "value": "An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "baseScore": 1.8,
                "baseSeverity": "LOW",
                "privilegesRequired": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125  Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T03:00:25.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-21950",
        "datePublished": "2026-05-15T03:00:25.843Z",
        "dateReserved": "2024-01-03T16:43:21.323Z",
        "dateUpdated": "2026-05-15T11:12:35.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-21935 (GCVE-0-2024-21935)

    Vulnerability from nvd – Published: 2025-09-23 21:38 – Updated: 2025-09-24 13:16
    VLAI
    Summary
    Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish® API commands to remove files from the local root directory, potentially resulting in data corruption.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-241 - Improper Handling of Unexpected Data Type
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Instinct™ MI300X Unaffected: BKC 24.10
    Create a notification for this product.
    Date Public
    2025-09-23 21:16
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21935",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-24T13:16:00.639345Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-24T13:16:47.376Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122  MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "BKC 24.10"
                }
              ]
            }
          ],
          "datePublic": "2025-09-23T21:16:49.667Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish\u00ae API commands to remove files from the local root directory, potentially resulting in data corruption. \u003cbr\u003e"
                }
              ],
              "value": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish\u00ae API commands to remove files from the local root directory, potentially resulting in data corruption."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-241",
                  "description": "CWE-241  Improper Handling of Unexpected Data Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-23T21:38:22.057Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6016.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-21935",
        "datePublished": "2025-09-23T21:38:22.057Z",
        "dateReserved": "2024-01-03T16:43:14.976Z",
        "dateUpdated": "2025-09-24T13:16:47.376Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21927 (GCVE-0-2024-21927)

    Vulnerability from nvd – Published: 2025-09-23 21:33 – Updated: 2025-09-24 13:18
    VLAI
    Summary
    Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-241 - Improper Handling of Unexpected Data Type
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Instinct™ MI300X Unaffected: BKC 24.08
    Create a notification for this product.
    Date Public
    2025-09-23 21:11
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21927",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-24T13:17:10.777457Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-24T13:18:45.108Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122  MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "BKC 24.08"
                }
              ]
            }
          ],
          "datePublic": "2025-09-23T21:11:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish\u00ae API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service. \u003cbr\u003e"
                }
              ],
              "value": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish\u00ae API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-241",
                  "description": "CWE-241  Improper Handling of Unexpected Data Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-23T21:33:54.121Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6016.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-21927",
        "datePublished": "2025-09-23T21:33:54.121Z",
        "dateReserved": "2024-01-03T16:43:09.233Z",
        "dateUpdated": "2025-09-24T13:18:45.108Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21950 (GCVE-0-2024-21950)

    Vulnerability from cvelistv5 – Published: 2026-05-15 03:00 – Updated: 2026-05-15 11:12
    VLAI
    Summary
    An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    AMD
    Date Public
    2026-05-15 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21950",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-15T11:12:24.735247Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-15T11:12:35.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122  MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "No fix planned"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122  MI300A",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "No fix planned"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122  MI325X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "No fix planned"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122  MI308X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "No fix planned"
                }
              ]
            }
          ],
          "datePublic": "2026-05-15T03:00:09.088Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability.\u003cbr\u003e"
                }
              ],
              "value": "An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "baseScore": 1.8,
                "baseSeverity": "LOW",
                "privilegesRequired": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125  Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T03:00:25.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-21950",
        "datePublished": "2026-05-15T03:00:25.843Z",
        "dateReserved": "2024-01-03T16:43:21.323Z",
        "dateUpdated": "2026-05-15T11:12:35.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-21935 (GCVE-0-2024-21935)

    Vulnerability from cvelistv5 – Published: 2025-09-23 21:38 – Updated: 2025-09-24 13:16
    VLAI
    Summary
    Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish® API commands to remove files from the local root directory, potentially resulting in data corruption.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-241 - Improper Handling of Unexpected Data Type
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Instinct™ MI300X Unaffected: BKC 24.10
    Create a notification for this product.
    Date Public
    2025-09-23 21:16
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21935",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-24T13:16:00.639345Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-24T13:16:47.376Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122  MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "BKC 24.10"
                }
              ]
            }
          ],
          "datePublic": "2025-09-23T21:16:49.667Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish\u00ae API commands to remove files from the local root directory, potentially resulting in data corruption. \u003cbr\u003e"
                }
              ],
              "value": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish\u00ae API commands to remove files from the local root directory, potentially resulting in data corruption."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-241",
                  "description": "CWE-241  Improper Handling of Unexpected Data Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-23T21:38:22.057Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6016.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-21935",
        "datePublished": "2025-09-23T21:38:22.057Z",
        "dateReserved": "2024-01-03T16:43:14.976Z",
        "dateUpdated": "2025-09-24T13:16:47.376Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21927 (GCVE-0-2024-21927)

    Vulnerability from cvelistv5 – Published: 2025-09-23 21:33 – Updated: 2025-09-24 13:18
    VLAI
    Summary
    Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-241 - Improper Handling of Unexpected Data Type
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Instinct™ MI300X Unaffected: BKC 24.08
    Create a notification for this product.
    Date Public
    2025-09-23 21:11
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21927",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-24T13:17:10.777457Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-24T13:18:45.108Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122  MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "BKC 24.08"
                }
              ]
            }
          ],
          "datePublic": "2025-09-23T21:11:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish\u00ae API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service. \u003cbr\u003e"
                }
              ],
              "value": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish\u00ae API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-241",
                  "description": "CWE-241  Improper Handling of Unexpected Data Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-23T21:33:54.121Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6016.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-21927",
        "datePublished": "2025-09-23T21:33:54.121Z",
        "dateReserved": "2024-01-03T16:43:09.233Z",
        "dateUpdated": "2025-09-24T13:18:45.108Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }