{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21935", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2024-01-03T16:43:14.976Z", "datePublished": "2025-09-23T21:38:22.057Z", "dateUpdated": "2025-09-24T13:16:47.376Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2025-09-23T21:38:22.057Z"}, "affected": [{"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Instinct\u2122 MI300X", "versions": [{"version": "BKC 24.10", "status": "unaffected"}]}], "datePublic": "2025-09-23T21:16:49.667Z", "descriptions": [{"lang": "en", "value": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish\u00ae API commands to remove files from the local root directory, potentially resulting in data corruption.", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish\u00ae API commands to remove files from the local root directory, potentially resulting in data corruption. <br>"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-241", "description": "CWE-241 Improper Handling of Unexpected Data Type", "lang": "en", "type": "CWE"}]}], "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6016.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "AMD PSIRT Automation 1.0"}, "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-24T13:16:00.639345Z", "id": "CVE-2024-21935", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-24T13:16:47.376Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21935", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-24T13:16:00.639345Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-24T13:16:40.779Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AMD", "product": "AMD Instinct\u2122 MI300X", "versions": [{"status": "unaffected", "version": "BKC 24.10"}], "defaultStatus": "affected"}], "datePublic": "2025-09-23T21:16:49.667Z", "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6016.html"}], "x_generator": {"engine": "AMD PSIRT Automation 1.0"}, "descriptions": [{"lang": "en", "value": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish\u00ae API commands to remove files from the local root directory, potentially resulting in data corruption.", "supportingMedia": [{"type": "text/html", "value": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish\u00ae API commands to remove files from the local root directory, potentially resulting in data corruption. <br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-241", "description": "CWE-241 Improper Handling of Unexpected Data Type"}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2025-09-23T21:38:22.057Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21935", "state": "PUBLISHED", "dateUpdated": "2025-09-24T13:16:47.376Z", "dateReserved": "2024-01-03T16:43:14.976Z", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "datePublished": "2025-09-23T21:38:22.057Z", "assignerShortName": "AMD"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish\u00ae API commands to remove files from the local root directory, potentially resulting in data corruption."}], "id": "CVE-2024-21935", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 1.4, "source": "psirt@amd.com", "type": "Secondary"}]}, "published": "2025-09-23T22:15:33.183", "references": [{"source": "psirt@amd.com", "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6016.html"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-241"}], "source": "psirt@amd.com", "type": "Secondary"}]}

{}

{"created": "2025-09-25T08:22:05.390733+00:00", "updated": "2025-09-25T08:22:05.390786+00:00", "vendors": ["amd", "amd$PRODUCT$instinct_mi300x", "amd$PRODUCT$satellite_management_controller"]}