AMD EPYC 9004 Processors IOMMU improper validation of specified quantity in input
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 2.2 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as problematic has been discovered in AMD EPYC 9004 Processors, EPYC 8004 Processors and EPYC Embedded 9004 Processors. This affects an unknown part of the component IOMMU. The manipulation results in improper validation of specified quantity in input. This vulnerability is reported as CVE-2024-21953. The attack requires a local approach. No exploit exists. It is advisable to upgrade the affected component.
Details
A vulnerability classified as problematic has been found in AMD EPYC 9004 Processors, EPYC 8004 Processors and EPYC Embedded 9004 Processors (affected version unknown). Affected is an unknown functionality of the component IOMMU. The manipulation with an unknown input leads to a improper validation of specified quantity in input vulnerability. CWE is classifying the issue as CWE-1284. The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. This is going to have an impact on integrity. CVE summarizes:
Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity.
The advisory is available at amd.com. This vulnerability is traded as CVE-2024-21953 since 01/03/2024. The exploitability is told to be easy. Local access is required to approach this attack. Additional levels of successful authentication are required for exploitation. The technical details are unknown and an exploit is not available.
The vulnerability scanner Nessus provides a plugin with the ID 300490 (Linux Distros Unpatched Vulnerability : CVE-2024-21953), which helps to determine the existence of the flaw in a target environment.
Upgrading eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at Tenable (300490). If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Vendor
Name
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Vector: 🔒
CVSSv3
VulDB Meta Base Score: 2.3VulDB Meta Temp Score: 2.2
VulDB Base Score: 2.3
VulDB Temp Score: 2.2
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Improper validation of specified quantity in inputCWE: CWE-1284 / CWE-703
CAPEC: 🔒
ATT&CK: 🔒
Physical: Partially
Local: Yes
Remote: No
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 300490
Nessus Name: Linux Distros Unpatched Vulnerability : CVE-2024-21953
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Timeline
01/03/2024 CVE reserved02/11/2026 Advisory disclosed
02/11/2026 VulDB entry created
03/05/2026 VulDB entry last update
Sources
Advisory: amd.comStatus: Confirmed
CVE: CVE-2024-21953 (🔒)
GCVE (CVE): GCVE-0-2024-21953
GCVE (VulDB): GCVE-100-345402
Entry
Created: 02/11/2026 05:06Updated: 03/05/2026 15:43
Changes: 02/11/2026 05:06 (64), 03/05/2026 15:43 (2)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.