CVE-2023-31355

CWE-119 — Buffer Overflow CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

6.0MEDIUM

EPSS

0.8%

top 26.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD 3RD GEN AMD Epyc™ Processors AMD 4TH GEN AMD Epyc™ Processors AMD AMD Epyc™ Embedded 7003 +87 more

Timeline

PublishedAug 5

Description

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NExploitability: 1.5 | Impact: 4.0

Affected Packages90 packages

▶NVDamd/epyc_7203_firmware< milanpi_1.0.0.d

▶NVDamd/epyc_72f3_firmware< milanpi_1.0.0.d

▶NVDamd/epyc_7303_firmware< milanpi_1.0.0.d

▶NVDamd/epyc_7313_firmware< milanpi_1.0.0.d

▶NVDamd/epyc_7343_firmware< milanpi_1.0.0.d

🔴Vulnerability Details

GHSA

GHSA-x6rx-7w39-qpg5: Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing readi↗2024-08-05

▶

CVEList

CVE-2023-31355: Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing readi↗2024-08-05

▶

📋Vendor Advisories

Red Hat

linux-firmware: hw:amd: Improper Restriction of Write Operations in SNP Firmware↗2024-08-05

▶