CVE-2024-21944

5.3 MEDIUM


What is CVE-2024-21944?

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.

Affected Version(s)

AMD EPYC™ 7003 Series Processors Milan PI 1.0.0.D

AMD EPYC™ 9004 Series Processor Genoa PI 1.0.0.D

News Articles

BadRAM: $10 hack unlocks AMD encrypted memory - Help Net Security

BadRAM (CVE-2024-21944) affects AMD processors, and can be triggered by rogue memory modules to unlock the chips' encrypted memory.

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • First article discovered by Help Net Security

  • Vulnerability Reserved
