PatchSiren cyber security CVE debrief
CVE-2024-21944 AMD CVE debrief
CVE-2024-21944 is a medium-severity vulnerability (CVSS Score: 5.3) that involves improper input validation for DIMM serial presence detect (SPD) metadata. This vulnerability could potentially allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to overwrite guest memory, resulting in loss of guest data integrity.
- Vendor: AMD
- Product: AMD EPYC™ 7003 Series Processors
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-11
Who should care
Administrators and users of systems with DIMMs, especially those with non-compliant DIMMs or where an attacker might have physical access or control over the Root of Trust for BIOS updates.
Technical summary
The vulnerability is due to improper input validation for DIMM SPD metadata. This could allow an attacker under specific conditions to overwrite guest memory, impacting data integrity.
Defensive priority
MEDIUM
Recommended defensive actions
- Review and apply BIOS updates as recommended by the vendor.
- Ensure physical security of systems.
- Validate and monitor DIMM compliance.
Evidence notes
Vendor evidence suggests AMD is the affected vendor.
Official resources
- CVE-2024-21944 CVE record (CVE.org)
- CVE-2024-21944 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: CVE-2024-21944 was published on 2026-06-10T23:16:44.950Z and modified on 2026-06-11T14:43:18.997Z.