Improper Input Validation in AMD DIMMs Allows Data Integrity Compromise
CVE-2024-21944

5.3MEDIUM

Key Information:

Badges

đź“° News Worthy

What is CVE-2024-21944?

The vulnerability arises from improper input validation for DIMM serial presence detect (SPD) metadata. An attacker with physical access to the system, ring0 privileges, or control over the Root of Trust for a BIOS update, could exploit this weakness. This may allow the attacker to overwrite guest memory, resulting in potential loss of data integrity for affected systems. Organizations utilizing vulnerable AMD DIMMs should implement mitigating strategies to safeguard their data.

Affected Version(s)

AMD EPYC™ 7003 Series Processors Milan PI 1.0.0.D

AMD EPYC™ 9004 Series Processor Genoa PI 1.0.0.D

AMD EPYC™ 7003 Series Processors Milan PI 1.0.0.D

News Articles

BadRAM: $10 hack unlocks AMD encrypted memory - Help Net Security

BadRAM (CVE-2024-21944) affects ADM processors, and can be triggered by rogue memory modules to unlock the chips' encrypted memory.

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • đź“°

    First article discovered by Help Net Security

  • Vulnerability Reserved

.