CVE-2024-21944
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk34th percentile — higher than 34% of all known CVEs
Summary
Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.
Risk Assessment
The organization may experience loss of guest data integrity, which could lead to serious security and data availability consequences.
Recommendation
It is recommended to conduct a security audit of systems and implement appropriate access control measures to minimize the risk of physical access to systems.
Original NVD description (English source)
Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.

