Severity
6.0 MEDIUM
EPSS
0.0%
top 89.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 13

Description

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Exploitability: 1.5 | Impact: 4.0

Affected Packages: 64 packages

NVD: amd/epyc_7203_firmware < milanpi_1.0.0.c
NVD: amd/epyc_72f3_firmware < milanpi_1.0.0.c
NVD: amd/epyc_7303_firmware < milanpi_1.0.0.c
NVD: amd/epyc_7313_firmware < milanpi_1.0.0.c
NVD: amd/epyc_7343_firmware < milanpi_1.0.0.c

Vulnerability Details

3
GHSA
GHSA-rvmr-97cf-9f3m: Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests (2024-02-13)
CVEList
CVE-2023-31346: Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests (2024-02-13)
OSV
CVE-2023-31346: Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests (2024-02-13)

Vendor Advisories

1
Red Hat
kernel: Reserved fields in guest message responses may not be zero initialized (2023-12-19)
CVE-2023-31346 (MEDIUM CVSS 6) | Failure to initialize memory in SEV | cvebase.io