Improper Input Validation in AMD DIMMs Allows Data Integrity Compromise
CVE-2024-21944
What is CVE-2024-21944?
The vulnerability arises from improper input validation for DIMM serial presence detect (SPD) metadata. An attacker with physical access to the system, ring0 privileges, or control over the Root of Trust for a BIOS update, could exploit this weakness. This may allow the attacker to overwrite guest memory, resulting in potential loss of data integrity for affected systems. Organizations utilizing vulnerable AMD DIMMs should implement mitigating strategies to safeguard their data.
Affected Version(s)
AMD EPYC™ 7003 Series Processors Milan PI 1.0.0.D
AMD EPYC™ 9004 Series Processor Genoa PI 1.0.0.D
AMD EPYC™ 7003 Series Processors Milan PI 1.0.0.D
News Articles
BadRAM: $10 hack unlocks AMD encrypted memory - Help Net Security
BadRAM (CVE-2024-21944) affects ADM processors, and can be triggered by rogue memory modules to unlock the chips' encrypted memory.