CVE-2023-31356Incomplete Cleanup in Amd64-microcode

CWE-459Incomplete Cleanup7 documents6 sources
Severity
4.4MEDIUMNVD
OSV6.0
EPSS
0.0%
top 91.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Debian Amd64-microcode
Timeline
PublishedAug 13
Latest updateJun 9

Description

Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages1 packages

debiandebian/amd64-microcode< amd64-microcode 3.20240820.1~deb12u1 (bookworm)

🔴Vulnerability Details

3
OSV
amd64-microcode vulnerabilities2025-06-09
GHSA
GHSA-3w7r-v4fr-r43w: Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of2024-08-13
OSV
CVE-2023-31356: Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of2024-08-13

📋Vendor Advisories

3
Ubuntu
AMD Microcode vulnerabilities2025-06-09
Red Hat
kernel: hw:amd: Incomplete system memory cleanup in SEV firmware corrupt guest private memory2024-08-13
Debian
CVE-2023-31356: amd64-microcode - Incomplete system memory cleanup in SEV firmware could allow a privileged attack...2023