CVE-2024-21980 - OpenCVE

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Amd	Epyc 7003 Firmware Epyc 7203 Firmware Epyc 7203p Firmware Epyc 72f3 Firmware Epyc 7303 Firmware Epyc 7303p Firmware Epyc 7313p Firmware Epyc 7343 Firmware Epyc 7373x Firmware Epyc 7413 Firmware Epyc 7443 Firmware Epyc 7443p Firmware Epyc 7453 Firmware Epyc 7473x Firmware Epyc 74f3 Firmware Epyc 7513 Firmware Epyc 7543 Firmware Epyc 7573x Firmware Epyc 75f3 Firmware Epyc 7643 Firmware Epyc 7643p Firmware Epyc 7663 Firmware Epyc 7663p Firmware Epyc 7713 Firmware Epyc 7713p Firmware Epyc 7763 Firmware Epyc 7773x Firmware Epyc 8024p Firmware Epyc 8024pn Firmware Epyc 8124p Firmware Epyc 8124pn Firmware Epyc 8224p Firmware Epyc 8224pn Firmware Epyc 8324p Firmware Epyc 8324pn Firmware Epyc 8434p Firmware Epyc 8434pn Firmware Epyc 8534p Firmware Epyc 8534pn Firmware Epyc 9003 Firmware Epyc 9124 Firmware Epyc 9174f Firmware Epyc 9184x Firmware Epyc 9224 Firmware Epyc 9254 Firmware Epyc 9274f Firmware Epyc 9334 Firmware Epyc 9354 Firmware Epyc 9354p Firmware Epyc 9374f Firmware Epyc 9384x Firmware Epyc 9454 Firmware Epyc 9454p Firmware Epyc 9474f Firmware Epyc 9534 Firmware Epyc 9554 Firmware Epyc 9554p Firmware Epyc 9634 Firmware Epyc 9654 Firmware Epyc 9654p Firmware Epyc 9684x Firmware Epyc 9734 Firmware Epyc 9754 Firmware Epyc 9754s Firmware

No data.

References

Link	Providers
https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2024-08-05T16:06:36.216Z

Updated: 2024-08-05T21:00:57.665Z

Reserved: 2024-01-03T16:43:30.197Z

Link: CVE-2024-21980

Vulnrichment

Updated: 2024-08-05T20:58:47.915Z

NVD

Status : Awaiting Analysis

Published: 2024-08-05T16:15:35.377

Modified: 2024-08-06T16:30:24.547

Link: CVE-2024-21980

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object