{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21927", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2024-01-03T16:43:09.233Z", "datePublished": "2025-09-23T21:33:54.121Z", "dateUpdated": "2025-09-23T21:33:54.121Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "AMD Instinct\u2122 MI300X", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "BKC 24.08"}]}], "datePublic": "2025-09-23T21:11:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish\u00ae API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service. <br>"}], "value": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish\u00ae API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-241", "description": "CWE-241 Improper Handling of Unexpected Data Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2025-09-23T21:33:54.121Z"}, "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6016.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "AMD PSIRT Automation 1.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish\u00ae API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service."}], "id": "CVE-2024-21927", "lastModified": "2025-09-23T22:15:33.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 1.4, "source": "psirt@amd.com", "type": "Secondary"}]}, "published": "2025-09-23T22:15:33.033", "references": [{"source": "psirt@amd.com", "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6016.html"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-241"}], "source": "psirt@amd.com", "type": "Secondary"}]}

{}

{}