CVE-2024-21961 - Vulnerability Details - OpenCVE

Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack against the host resulting in loss of availability.

Attack Vector Network

Attack Complexity High

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4013.html

History

Fri, 13 Feb 2026 00:00:00 +0000

Type	Values Removed	Values Added
Description		Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack against the host resulting in loss of availability.
Weaknesses		CWE-119
References		https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4013.html
Metrics		cvssV4_0 `{'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2026-02-12T23:45:09.575Z

Updated: 2026-02-12T23:45:09.575Z

Reserved: 2024-01-03T16:43:26.978Z

Link: CVE-2024-21961

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-02-13T00:16:02.633

Modified: 2026-02-13T00:16:02.633

Link: CVE-2024-21961

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-21961", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2024-01-03T16:43:26.978Z", "datePublished": "2026-02-12T23:45:09.575Z", "dateUpdated": "2026-02-12T23:45:09.575Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2026-02-12T23:45:09.575Z"}, "affected": [{"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 7002 Series Processors", "versions": [{"version": "No Fix Planned", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "versions": [{"version": "Errata #1165,1166,1526", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "versions": [{"version": "Errata #1526", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "versions": [{"version": "Errata #1165,1166,1526", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "versions": [{"version": "Errata #1165,1166,1526", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 Z1 Series Processors", "versions": [{"version": "Errata #1526", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics", "versions": [{"version": "Errata #1526", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics", "versions": [{"version": "Errata #1526", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 8000 Series Desktop Processors", "versions": [{"version": "Errata #1526", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "versions": [{"version": "Errata #1165,1166,1526", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "versions": [{"version": "Errata #1526", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "versions": [{"version": "Errata #1165,1166,1526", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics", "versions": [{"version": "Errata #1526", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics", "versions": [{"version": "Errata #1165,1166,1526", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors", "versions": [{"version": "Errata #1165,1166,1526", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 Z2 Series Processors", "versions": [{"version": "Errata #1526", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics", "versions": [{"version": "Errata #1526", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 7002 Series Processors", "versions": [{"version": "No fix planned", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors", "versions": [{"version": "No fix planned", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "versions": [{"version": "No fix planned", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors", "versions": [{"version": "No fix planned", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded 8000 Series Processors", "versions": [{"version": "No fix planned", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors", "versions": [{"version": "No fix planned", "status": "unaffected"}]}], "datePublic": "2026-02-12T23:44:41.036Z", "descriptions": [{"lang": "en", "value": "Improper restriction of operations within the bounds of a memory buffer in PCIe\u00ae Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack against the host resulting in loss of availability.", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper restriction of operations within the bounds of a memory buffer in PCIe\u00ae Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack against the host resulting in loss of availability.<br>"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4013.html"}, {"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "AMD PSIRT Automation 1.0"}, "metrics": [{"cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}]}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper restriction of operations within the bounds of a memory buffer in PCIe\u00ae Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack against the host resulting in loss of availability."}], "id": "CVE-2024-21961", "lastModified": "2026-02-13T00:16:02.633", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@amd.com", "type": "Secondary"}]}, "published": "2026-02-13T00:16:02.633", "references": [{"source": "psirt@amd.com", "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html"}, {"source": "psirt@amd.com", "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4013.html"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "psirt@amd.com", "type": "Secondary"}]}