{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21949", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2024-01-03T16:43:21.323Z", "datePublished": "2024-11-12T17:15:54.230Z", "dateUpdated": "2024-11-14T18:32:15.710Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AMD Ryzen\u2122 AI Software", "vendor": "AMD", "versions": [{"lessThan": "1.2", "status": "affected", "version": "0", "versionType": "software"}]}], "datePublic": "2024-11-12T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash.</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span>"}], "value": "Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2024-11-12T17:15:54.230Z"}, "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7017.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "amd", "product": "ryzen_ai_software", "cpes": ["cpe:2.3:a:amd:ryzen_ai_software:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "1.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-14T18:31:32.695810Z", "id": "CVE-2024-21949", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T18:32:15.710Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21949", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-14T18:31:32.695810Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:amd:ryzen_ai_software:*:*:*:*:*:*:*:*"], "vendor": "amd", "product": "ryzen_ai_software", "versions": [{"status": "affected", "version": "0", "lessThan": "1.2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T18:32:11.737Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AMD", "product": "AMD Ryzen\u2122 AI Software", "versions": [{"status": "affected", "version": "0", "lessThan": "1.2", "versionType": "software"}], "defaultStatus": "unaffected"}], "datePublic": "2024-11-12T17:00:00.000Z", "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7017.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash.</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2024-11-12T17:15:54.230Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21949", "state": "PUBLISHED", "dateUpdated": "2024-11-14T18:32:15.710Z", "dateReserved": "2024-01-03T16:43:21.323Z", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "datePublished": "2024-11-12T17:15:54.230Z", "assignerShortName": "AMD"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:amd:ryzen_ai_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B353FE3-A6D3-4A6B-AFD4-68E23E83F8AB", "versionEndExcluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash."}, {"lang": "es", "value": "La validaci\u00f3n incorrecta de la entrada del usuario en el controlador NPU podr\u00eda permitir que un atacante proporcione un b\u00fafer con un tama\u00f1o inesperado, lo que podr\u00eda provocar un bloqueo del sistema."}], "id": "CVE-2024-21949", "lastModified": "2024-11-15T19:20:23.167", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@amd.com", "type": "Secondary"}]}, "published": "2024-11-12T18:15:18.813", "references": [{"source": "psirt@amd.com", "tags": ["Vendor Advisory"], "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7017.html"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "psirt@amd.com", "type": "Secondary"}]}

{}

{}