cbcvebase.
CVE-2023-31315
published 2024-08-12

CVE-2023-31315: Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled…

high7.5CVSS 3.1
AVLACHPRHUINSCCHIHAH
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

Affected

22 ranges
VendorProductVersion rangeFixed in
amd1st_gen_amd_epyc_processors>= various < Naples PI 1.0.0.MNaples PI 1.0.0.M
amd2nd_gen_amd_epyc_processors>= various < Rome PI 1.0.0.JRome PI 1.0.0.J
amd3rd_gen_amd_epyc_processors>= various < Milan PI 1.0.0.DMilan PI 1.0.0.D
amdamd_epyc_embedded_3000
amdamd_epyc_embedded_7002
amdamd_epyc_embedded_7003
amdamd_ryzen_3000_series_desktop_processors
amdamd_ryzen_3000_series_mobile_processor_with_radeon_graphics>= various < Picasso-FP5 1.0.1.2Picasso-FP5 1.0.1.2
amdamd_ryzen_4000_series_desktop_processors_with_radeon_graphics>= various < ComboAM4v2PI 1.2.0.cbComboAM4v2PI 1.2.0.cb
amdamd_ryzen_7000_series_desktop_processors>= various < ComboAM5PI 1.2.0.1ComboAM5PI 1.2.0.1
amdamd_ryzen_7020_series_processors_with_radeon_graphics>= various < MendocinoPI-FT6 1.0.0.7MendocinoPI-FT6 1.0.0.7
amdamd_ryzen_7030_series_mobile_processors_with_radeon_graphics>= various < CezannePI-FP6CezannePI-FP6
amdamd_ryzen_embedded_5000
amdamd_ryzen_embedded_7000
amdamd_ryzen_embedded_r1000
amdamd_ryzen_embedded_r2000
amdamd_ryzen_embedded_v1000
amdamd_ryzen_embedded_v2000
amdamd_ryzen_embedded_v3000
amdamd_ryzen_threadripper_3000_series_processors>= various < CastlePeakPI-SP3r3 1.0.0.BCastlePeakPI-SP3r3 1.0.0.B
amdamd_ryzen_threadripper_pro_processors>= various < ChagallWSPI-sWRX8 1.0.0.8ChagallWSPI-sWRX8 1.0.0.8
debianamd64-microcode< amd64-microcode 3.20240710.2~deb12u1 (bookworm)amd64-microcode 3.20240710.2~deb12u1 (bookworm)

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
osv7.5HIGH