CVE-2023-31345Improper Access Control for Volatile Memory Containing Boot Code in AMD Epyc 7003 Processors

CWE-1274Improper Access Control for Volatile Memory Containing Boot CodeCWE-20Improper Input Validation3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 89.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
AMD Epyc 7003 Processors
Timeline
PublishedFeb 12

Description

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages1 packages

CVEListV5amd/amd_epyc_7003_processorsMilanPI 1.0.0.C

🔴Vulnerability Details

2
GHSA
GHSA-pvg7-v23v-r848: Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution2025-02-12
CVEList
CVE-2023-31345: Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution2025-02-11
CVE-2023-31345 — AMD Epyc 7003 Processors vulnerability | cvebase