CVE-2024-21953

Publication date 10 February 2026

Last updated 26 June 2026

Ubuntu priority

Description

Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
amd64-microcode	26.04 LTS resolute	Vulnerable
	25.10 questing	Vulnerable
	24.04 LTS noble	Vulnerable
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not affected

Notes

rodrigo-zaiden

affects SEV FW, supported in microcode package starting from noble AMD advisory mentions SEV release in: Bergamo/Siena (fam 19h model a0h): SEV FW 1.37.2A (1.55.42) Genoa (fam 19h model 11h): SEV FW 1.37.31 (1.55.49) Upstream including these versions is found in commit 13786e87: Update AMD SEV firmware to version 1.58 build 1 for AMD family 19h processors with models in the range 10h to 1fh. Update AMD SEV firmware to version 1.58 build 1 for AMD family 19h processors with models in the range a0h to afh.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
amd64-microcode	Upstream: ?id=137

Severity score breakdown

CVSS version: CVSS v4.0

Base score 5.9 · Medium

Base metrics

Parameter	Value
Attack vector	Local
Attack complexity	Low
Attack requirements	None
Privileges required	High
User interaction	None
Vulnerable system - Confidentiality impact	None
Vulnerable system - Integrity impact	None
Vulnerable system - Availability impact	None
Subsequent system - Confidentiality impact	None
Subsequent system - Integrity impact	High
Subsequent system - Availability impact	None

Scores

Parameter	Value
Base score	5.9 · Medium
Base + Threat score	-
Base + Environmental score	-
Base + Threat + Environmental score	-

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N