CVE-2023-31347

CWE-682 CWE-1685 documents5 sources

Severity

4.9MEDIUM

EPSS

0.0%

top 86.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Epyc 7203 Firmware AMD Epyc 7203p Firmware AMD Epyc 72f3 Firmware +60 more

Timeline

PublishedFeb 13

Description

Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages63 packages

▶NVDamd/epyc_7203_firmware< milanpi_1.0.0.c

▶NVDamd/epyc_72f3_firmware< milanpi_1.0.0.c

▶NVDamd/epyc_7303_firmware< milanpi_1.0.0.c

▶NVDamd/epyc_7313_firmware< milanpi_1.0.0.c

▶NVDamd/epyc_7343_firmware< milanpi_1.0.0.c

🔴Vulnerability Details

CVEList

CVE-2023-31347: Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC↗2024-02-13

▶

GHSA

GHSA-ggv6-7vfj-r2fw: Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC↗2024-02-13

▶

OSV

CVE-2023-31347: Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC↗2024-02-13

▶

📋Vendor Advisories

Red Hat

kernel: Insufficient check may lead to an incorrect TSC↗2023-12-19

▶