CVE-2024-21927
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-23
Last updated on: 2025-09-24
Assigner: Advanced Micro Devices Inc.
Description
Description
Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amd | instinct_mi300x | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-241 | The product does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is caused by improper input validation in the Satellite Management Controller (SMC). An attacker who already has certain privileges can use special characters in manipulated Redfish API commands, which can cause service processes like OpenBMC to crash and reset.
How can this vulnerability impact me? :
The impact of this vulnerability is that it can cause denial of service by crashing and resetting service processes such as OpenBMC, potentially disrupting system availability.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70