CVE-2024-21927

MEDIUM5.0

Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service

Published Sep 23, 2025

Modified 3 months ago

No fix available

Details

Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service.

References

WEBhttps://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6016.html ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2024-21927

CVSS Analysis

CVSS v3.1

5.0

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

ChangedS:C

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

LowA:L

5/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

Weakness Type (CWE)

Other

CWE-241

Ecosystems

Timeline

PublishedSep 23, 2025

ModifiedSep 24, 2025