CVE-2024-21927 - Vulnerability Details - OpenCVE

Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Amd	Instinct Mi300x

No data.

No data.

References

Link	Providers
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6016.html

History

Thu, 25 Sep 2025 08:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Amd Amd instinct Mi300x
Vendors & Products		Amd Amd instinct Mi300x

Wed, 24 Sep 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 23 Sep 2025 21:45:00 +0000

Type	Values Removed	Values Added
Description		Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service.
Weaknesses		CWE-241
References		https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6016.html
Metrics		cvssV3_1 `{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2025-09-23T21:33:54.121Z

Updated: 2025-09-24T13:18:45.108Z

Reserved: 2024-01-03T16:43:09.233Z

Link: CVE-2024-21927

Vulnrichment

Updated: 2025-09-24T13:18:23.253Z

NVD

Status : Awaiting Analysis

Published: 2025-09-23T22:15:33.033

Modified: 2025-09-24T18:11:24.520

Link: CVE-2024-21927

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21927", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2024-01-03T16:43:09.233Z", "datePublished": "2025-09-23T21:33:54.121Z", "dateUpdated": "2025-09-24T13:18:45.108Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "AMD Instinct\u2122 MI300X", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "BKC 24.08"}]}], "datePublic": "2025-09-23T21:11:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish\u00ae API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service. <br>"}], "value": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish\u00ae API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-241", "description": "CWE-241 Improper Handling of Unexpected Data Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2025-09-23T21:33:54.121Z"}, "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6016.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "AMD PSIRT Automation 1.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-24T13:17:10.777457Z", "id": "CVE-2024-21927", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-24T13:18:45.108Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21927", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-24T13:17:10.777457Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-24T13:18:23.253Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AMD", "product": "AMD Instinct\u2122 MI300X", "versions": [{"status": "unaffected", "version": "BKC 24.08"}], "defaultStatus": "affected"}], "datePublic": "2025-09-23T21:11:00.000Z", "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6016.html"}], "x_generator": {"engine": "AMD PSIRT Automation 1.0"}, "descriptions": [{"lang": "en", "value": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish\u00ae API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service.", "supportingMedia": [{"type": "text/html", "value": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish\u00ae API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service. <br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-241", "description": "CWE-241 Improper Handling of Unexpected Data Type"}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2025-09-23T21:33:54.121Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21927", "state": "PUBLISHED", "dateUpdated": "2025-09-24T13:18:45.108Z", "dateReserved": "2024-01-03T16:43:09.233Z", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "datePublished": "2025-09-23T21:33:54.121Z", "assignerShortName": "AMD"}, "dataVersion": "5.1"}