CVE-2024-21927

Name of the Vulnerable Software and Affected Versions Satellite Management Controller (SMC) (affected versions not specified)

Description Insufficient input validation in the Satellite Management Controller (SMC) could allow an attacker with certain privileges to utilize specific special characters within Redfish® API commands. This manipulation may lead to crashes and resets of service processes, such as OpenBMC, potentially resulting in a denial of service. The vulnerability exists in the firmware of AMD MI300X processors. The attacker must be able to send manipulated commands to the API endpoints used by the SMC. The issue involves improper validation of input provided to the SMC, specifically within the Redfish® API.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.