CVE-2024-21944

CVSS 5.3 · Medium EPSS 0.23% · P14 Updated Jun 13, 2026

Possible ATT&CK Techniques 2AI

T1055 · Process Injection T1055.001 · Dynamic-link Library Injection

Affected Version Matrix 4

Vendor	Product	Version Range	Status
AMD	AMD EPYC™ 7003 Series Processors	`Milan PI 1.0.0.D`	unaffected
		`SEV FW 1.55.22 (hex 1.37.16)`	unaffected
AMD	AMD EPYC™ 9004 Series Processor	`Genoa PI 1.0.0.D`	unaffected
		`SEV FW 1.55.38 (hex 1.37.26)`	unaffected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-21944

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

输入验证不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

AMD EPYC Processor 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

AMD EPYC Processor是美国超威半导体（AMD）公司的一系列多核处理器。 AMD EPYC Processor存在输入验证错误漏洞，该漏洞源于DIMM串行存在检测元数据的输入验证不当，可能导致具有物理访问权限或ring0访问权限的攻击者覆盖客户内存，导致客户数据完整性丢失。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
AMD	AMD EPYC™ 7003 Series Processors	Milan PI 1.0.0.D	-
AMD	AMD EPYC™ 9004 Series Processor	Genoa PI 1.0.0.D	-

II. Public POCs for CVE-2024-21944

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-21944

请登录查看更多情报信息。

Vendor Advisories for CVE-2024-21944 (1)

🔗 Undermining Integrity Features of SEV-SNP with Memory Aliasing Read full article

https://nvd.nist.gov/vuln/detail/CVE-2024-21944

IV. Related Vulnerabilities

Same product: AMD EPYC™ 7003 Series Processors

Same vendor: AMD

Same weakness: CWE-20

V. Comments for CVE-2024-21944

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-21944

Possible ATT&CK Techniques 2AI

Affected Version Matrix 4

I. Basic Information for CVE-2024-21944

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-21944

III. Intelligence Information for CVE-2024-21944

Vendor Advisories for CVE-2024-21944 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2024-21944

Leave a comment