Input Validation Flaw in Satellite Management Controller by AMD
CVE-2024-21935

5MEDIUM

Key Information:

Vendor: Amd
Status: Amd Instinct™ Mi300x
Vendor: CVE Published:; 23 September 2025

What is CVE-2024-21935?

The Satellite Management Controller (SMC) from AMD contains an improper input validation vulnerability. This flaw may allow a privileged attacker to manipulate Redfish® API commands, potentially enabling them to delete files from the local root directory. Such actions can lead to serious data corruption, impacting system integrity and availability.

Affected Version(s)

AMD Instinct™ MI300X BKC 24.10

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2025
Vulnerability Reserved
Jan 3, 2024

JSON

Amd

What is CVE-2024-21935?

Affected Version(s)

References

CVSS V3.1

Timeline