CVE-2024-21949: Input Validation
First published: Tue Nov 12 2024(Updated: )
Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash.
Credit: psirt@amd.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Amd Ryzen Ai Software | <1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-21949?
The severity of CVE-2024-21949 is considered high due to its potential to cause a system crash.
How do I fix CVE-2024-21949?
To fix CVE-2024-21949, update the AMD Ryzen AI Software to version 1.2 or later.
What causes CVE-2024-21949?
CVE-2024-21949 is caused by improper validation of user input in the NPU driver.
What impact does CVE-2024-21949 have on my system?
CVE-2024-21949 could lead to unexpected behavior such as a system crash due to buffer size issues.
Is my system vulnerable to CVE-2024-21949?
If you are using a version of AMD Ryzen AI Software below 1.2, your system is vulnerable to CVE-2024-21949.
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/description
- agent/type
- agent/severity
- agent/author
- agent/event
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/source
- vendor/amd
- canonical/amd ryzen ai software