Skip to main content

Epyc 7203 Firmware CVE-2024-21980

HIGH
Buffer Overflow (CWE-119)
2024-08-05 psirt@amd.com
Buffer Overflow Epyc 7203 Firmware Epyc 7203P Firmware Epyc 72F3 Firmware Epyc 7303 Firmware Epyc 7303P Firmware Epyc 7313 Firmware Epyc 7313P Firmware Epyc 7343 Firmware Epyc 73F3 Firmware Epyc 7373X Firmware Epyc 7413 Firmware Epyc 7443 Firmware Epyc 7443P Firmware Epyc 74F3 Firmware Epyc 7453 Firmware Epyc 7473X Firmware Epyc 7513 Firmware Epyc 7543 Firmware Epyc 7543P Firmware Epyc 75F3 Firmware Epyc 7573X Firmware Epyc 7643 Firmware Epyc 7773X Firmware Epyc 7643P Firmware Epyc 7663 Firmware Epyc 7663P Firmware Epyc 7713 Firmware Epyc 7713P Firmware Epyc 7763 Firmware Epyc 8024Pn Firmware Epyc 8024P Firmware Epyc 8124Pn Firmware Epyc 8124P Firmware Epyc 8224Pn Firmware Epyc 8224P Firmware Epyc 8324Pn Firmware Epyc 8324P Firmware Epyc 8434Pn Firmware Epyc 8434P Firmware Epyc 8534Pn Firmware Epyc 8534P Firmware Epyc 9734 Firmware Epyc 9754S Firmware Epyc 9754 Firmware Epyc 9184X Firmware Epyc 9384X Firmware Epyc 9684X Firmware Epyc 9124 Firmware Epyc 9174F Firmware Epyc 9224 Firmware Epyc 9254 Firmware Epyc 9274F Firmware Epyc 9334 Firmware Epyc 9354 Firmware Epyc 9354P Firmware Epyc 9374F Firmware Epyc 9454 Firmware Epyc 9454P Firmware Epyc 9474F Firmware Epyc 9534 Firmware Epyc 9554 Firmware Epyc 9554P Firmware Epyc 9634 Firmware Epyc 9654 Firmware Epyc 9654P Firmware Epyc Embedded 7313 Firmware Epyc Embedded 7313P Firmware Epyc Embedded 7413 Firmware Epyc Embedded 7443 Firmware Epyc Embedded 7443P Firmware Epyc Embedded 7543 Firmware Epyc Embedded 7543P Firmware Epyc Embedded 7643 Firmware Epyc Embedded 7713 Firmware Epyc Embedded 7713P Firmware Epyc Embedded 9124 Firmware Epyc Embedded 9254 Firmware Epyc Embedded 9354 Firmware Epyc Embedded 9354P Firmware Epyc Embedded 9454 Firmware Epyc Embedded 9454P Firmware Epyc Embedded 9534 Firmware Epyc Embedded 9554 Firmware Epyc Embedded 9554P Firmware Epyc Embedded 9654 Firmware Epyc Embedded 9654P Firmware
7.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.9 HIGH
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 05, 2024 - 16:15 nvd
HIGH 7.9

DescriptionNVD

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.

AnalysisAI

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity. Affected products include: Amd Epyc 7203 Firmware, Amd Epyc 7203P Firmware, Amd Epyc 72F3 Firmware, Amd Epyc 7303 Firmware, Amd Epyc 7303P Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

Share

CVE-2024-21980 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy