Improper Input Validation in Satellite Management Controller by AMD
CVE-2024-21927

5MEDIUM

Key Information:

Vendor: Amd
Status: Amd Instinct™ Mi300x
Vendor: CVE Published:; 23 September 2025

What is CVE-2024-21927?

An improper input validation issue in the Satellite Management Controller (SMC) allows privileged attackers to inject certain special characters into manipulated Redfish® API commands. This exploitation can lead to the crashing and resetting of service processes such as OpenBMC, potentially resulting in a denial of service. Users are advised to review their configurations and apply the necessary updates to mitigate risks.

Affected Version(s)

AMD Instinct™ MI300X BKC 24.08

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2025
Vulnerability Reserved
Jan 3, 2024

JSON

Amd

What is CVE-2024-21927?

Affected Version(s)

References

CVSS V3.1

Timeline