CVE Catalog

CVE-2024-21944

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

34th percentile — higher than 34% of all known CVEs

Summary

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.

Risk Assessment

The organization may experience loss of guest data integrity, which could lead to serious security and data availability consequences.

Recommendation

It is recommended to conduct a security audit of systems and implement appropriate access control measures to minimize the risk of physical access to systems.

Original NVD description (English source)

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS