CVE-2023-31343Insufficient Granularity of Access Control in AMD Ryzen Embedded R2000

CWE-1220Insufficient Granularity of Access ControlCWE-20Improper Input Validation3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 86.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
AMD Ryzen Embedded R2000
Timeline
PublishedFeb 11
Latest updateFeb 12

Description

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages1 packages

CVEListV5amd/amd_ryzen_embedded_r2000"EmbeddedR2KPI-FP5 1.0.0.3"

🔴Vulnerability Details

2
GHSA
GHSA-9mx7-6mvp-m4h2: Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution2025-02-12
CVEList
CVE-2023-31343: Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution2025-02-11
CVE-2023-31343 — AMD Ryzen Embedded R2000 vulnerability | cvebase