Out of Bounds Read Vulnerability in AMD Remote Management Firmware
CVE-2024-21950

1.8LOW

Key Information:

Vendor: Amd
Status: Amd Instinct™ Mi300x; Amd Instinct™ Mi300a; Amd Instinct™ Mi325x; Amd Instinct™ Mi308x
Vendor: CVE Published:; 15 May 2026

What is CVE-2024-21950?

An out of bounds read vulnerability exists in AMD's remote management firmware, enabling a privileged attacker to access a limited memory section outside of the expected range. This exposure can potentially compromise the confidentiality and availability of sensitive data.

Affected Version(s)

AMD Instinct™ MI300A No fix planned

AMD Instinct™ MI300X No fix planned

AMD Instinct™ MI308X No fix planned

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

1.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2026
Vulnerability Reserved
Jan 3, 2024

CVE-2024-21950 Data

JSON

Amd

What is CVE-2024-21950?

Affected Version(s)

References

CVSS V4

Timeline