Possible Overwrite of Guest Memory or UMC Seed in SNP Firmware

CVE-2024-21980

7.9HIGH

Key Information

Vendor: Amd
Status: 3rd Gen Amd Epyc™ Processors; 4th Gen Amd Epyc™ Processors; Amd Epyc™ Embedded 7003; Amd Epyc™ Embedded 9003
Vendor: CVE Published:; 5 August 2024

Summary

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.

Affected Version(s)

3rd Gen AMD EPYC™ Processors <= various

4th Gen AMD EPYC™ Processors <= various

AMD EPYC™ Embedded 7003 <= various

CVSS V3.1

Score:

7.9

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Aug 5, 2024
Vulnerability Reserved.
Jan 3, 2024

Collectors

NVD DatabaseMitre Database