CVE-2023-31315 — SinkClose: Code Injection in AMD Ryzen 3000 Series Mobile Processor With Radeon Graphics

CWE-94 — Code Injection7 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.0%

top 89.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD 1ST GEN AMD Epyc Processors AMD 2ND GEN AMD Epyc Processors AMD 3RD GEN AMD Epyc Processors +18 more

Timeline

PublishedAug 12

Latest updateOct 21

Description

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages21 packages

▶CVEListV5amd/1st_gen_amd_epyc_processorsvarious — Naples PI 1.0.0.M

▶CVEListV5amd/2nd_gen_amd_epyc_processorsvarious — Rome PI 1.0.0.J

▶CVEListV5amd/3rd_gen_amd_epyc_processorsvarious — Milan PI 1.0.0.D

▶CVEListV5amd/amd_ryzen_threadripper_pro_processorsvarious — ChagallWSPI-sWRX8 1.0.0.8

▶CVEListV5amd/amd_ryzen_7000_series_desktop_processorsvarious — ComboAM5PI 1.2.0.1

🔴Vulnerability Details

OSV

CVE-2023-31315: Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is↗2024-08-12

▶

GHSA

GHSA-7r5c-r5ww-995h: Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is↗2024-08-12

▶

CVEList

CVE-2023-31315: Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is↗2024-08-09

▶

📋Vendor Advisories

Ubuntu

AMD Microcode vulnerability↗2024-10-21

▶

Red Hat

hw: amd: SMM Lock Bypass↗2024-08-09

▶

Debian

CVE-2023-31315: amd64-microcode - Improper validation in a model specific register (MSR) could allow a malicious p...↗2023

▶