Vulnerability-Lookup

BDU:2025-09863

Vulnerability from fstec - Published: 05.08.2024

Title

Уязвимость в прошивке SNP микропрограммного обеспечения графических процессоров AMD, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю получить доступ к конфиденциальной информации

Description

Уязвимость в прошивке SNP микропрограммного обеспечения графических процессоров AMD связана с выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю получить доступ к конфиденциальной информации

Severity ?


                    
                      AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Vendor

ООО «Ред Софт», Advanced Micro Devices Inc.

Software Name

РЕД ОС (запись в едином реестре российских программ №3751), 3rd Gen AMD EPYC, 4th Gen AMD EPYC, AMD EPYC Embedded 7003, AMD EPYC Embedded 9003

Software Version

7.3 (РЕД ОС), до MilanPI 1.0.0.D (3rd Gen AMD EPYC), до GenoaPI 1.0.0.C (4th Gen AMD EPYC), до EmbMilanPI-SP3 1.0.0.9 (AMD EPYC Embedded 7003), до EmbGenoaPI-SP5 1.0.0.7 (AMD EPYC Embedded 9003)

Possible Mitigations

Использование рекомендаций: https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html Для РедОС: https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-linux-firmware-13082025/?sphrase_id=1203948

Reference

https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-linux-firmware-13082025/?sphrase_id=1203948 https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:M/C:C/I:C/A:N",
  "CVSS 3.0": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Advanced Micro Devices Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), \u0434\u043e MilanPI 1.0.0.D (3rd Gen AMD EPYC), \u0434\u043e GenoaPI 1.0.0.C (4th Gen AMD EPYC), \u0434\u043e EmbMilanPI-SP3 1.0.0.9 (AMD EPYC Embedded 7003), \u0434\u043e EmbGenoaPI-SP5 1.0.0.7 (AMD EPYC Embedded 9003)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-linux-firmware-13082025/?sphrase_id=1203948",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.08.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.08.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.08.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-09863",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-21980",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), 3rd Gen AMD EPYC, 4th Gen AMD EPYC, AMD EPYC Embedded 7003, AMD EPYC Embedded 9003",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0435 SNP \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 AMD, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0435 SNP \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 AMD \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-linux-firmware-13082025/?sphrase_id=1203948\nhttps://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430, \u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,9)"
}

CVE-2024-21980 (GCVE-0-2024-21980)

Vulnerability from cvelistv5 – Published: 2024-08-05 16:06 – Updated: 2024-08-05 21:00

Summary

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.

Severity ?

7.9 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

AMD

References

URL

Tags

https://https://www.amd.com/en/resources/product-…

vendor-advisory

Impacted products

Vendor

Product

Version

AMD

3rd Gen AMD EPYC™ Processors

Affected: various , < MilanPI 1.0.0.D (Platform Initialization)

AMD	4th Gen AMD EPYC™ Processors	Affected: various , < GenoaPI 1.0.0.C (Platform Initialization)
AMD	AMD EPYC™ Embedded 7003	Affected: various , < EmbMilanPI-SP3 1.0.0.9 (Platform Initialization)
AMD	AMD EPYC™ Embedded 9003	Affected: various , < EmbGenoaPI-SP5 1.0.0.7 (Platform Initialization)

Date Public ?

2024-08-05 16:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_7003_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "milanpi_1.0.0.9_sp3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_9003_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "genoapi_1.0.0.7_sp5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_7773x_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "milanpi_1.0.0.d",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_9754s_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "genoapi_1.0.0.c",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21980",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-05T20:52:33.557459Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:00:57.665Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "3rd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "MilanPI 1.0.0.D",
              "status": "affected",
              "version": "various",
              "versionType": "Platform Initialization"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "4th Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "GenoaPI 1.0.0.C",
              "status": "affected",
              "version": "various",
              "versionType": "Platform Initialization"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "EmbMilanPI-SP3 1.0.0.9",
              "status": "affected",
              "version": "various",
              "versionType": "Platform Initialization"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9003",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "EmbGenoaPI-SP5 1.0.0.7",
              "status": "affected",
              "version": "various",
              "versionType": "Platform Initialization"
            }
          ]
        }
      ],
      "datePublic": "2024-08-05T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest\u0027s memory or UMC seed resulting in loss of confidentiality and integrity.\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest\u0027s memory or UMC seed resulting in loss of confidentiality and integrity."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.9,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-05T16:06:36.216Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2024-21980",
    "datePublished": "2024-08-05T16:06:36.216Z",
    "dateReserved": "2024-01-03T16:43:30.197Z",
    "dateUpdated": "2024-08-05T21:00:57.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2025-09863

CVE-2024-21980 (GCVE-0-2024-21980)

Tags

Sightings

Nomenclature