VDB

CISA-2023-31315

CISA-2023-31315 PUBLISHED CVSS 7.5 HIGH

Reported by AMD · Published August 9, 2024

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersions
AMD3rd Gen AMD EPYC™ Processorsvarious
AMD1st Gen AMD EPYC™ Processorsvarious
AMD2nd Gen AMD EPYC™ Processorsvarious
AMD4th Gen AMD EPYC™ Processorsvarious
AMDAMD EPYC™ Embedded 3000various
AMDAMD EPYC™ Embedded 7002various
AMDAMD EPYC™ Embedded 7003various
AMDAMD EPYC™ Embedded 9003various
AMDAMD Ryzen™ Embedded R1000various
AMDAMD Ryzen™ Embedded R2000various
AMDAMD Ryzen™ Embedded 5000various
AMDAMD Ryzen™ Embedded 7000various
AMDAMD Ryzen™ Embedded V1000various
AMDAMD Ryzen™ Embedded V2000various
AMDAMD Ryzen™ Embedded V3000various
AMDAMD Ryzen™ 3000 Series Desktop Processorsvarious
AMDAMD Ryzen™ 5000 Series Desktop Processorsvarious
AMDAMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphicsvarious
AMDAMD Ryzen™ 7000 Series Desktop Processorsvarious
AMDAMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphicsvarious

…and 82 more

Timeline

  • Aug 9, 2024 CVE Published
  • Sep 12, 2024 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›