CVE-2023-31364 — Improper Restriction of Operations within the Bounds of a Memory Buffer in AMD Athlon 3000 Series Mobile Processors With Radeon Graphics

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

8.3HIGHNVD

EPSS

0.1%

top 83.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Athlon 3000 Series Mobile Processors With Radeon Graphics AMD Epyc Embedded 8004 Series Processors AMD Epyc Embedded 9004 Series Processor +20 more

Timeline

PublishedFeb 26

Description

Improper handling of direct memory writes in the input-output memory management unit could allow a malicious guest virtual machine (VM) to flood a host with writes, potentially causing a fatal machine check error resulting in denial of service.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Affected Packages23 packages

▶CVEListV5amd/amd_epyc_embedded_9004_series_processorEmbGenoaPI-SP5 1.0.0.B

▶CVEListV5amd/amd_epyc_embedded_8004_series_processorsEmbGenoaPI-SP5 1.0.0.B

▶CVEListV5amd/amd_ryzen_3000_series_desktop_processorsNo Fix Planned

▶CVEListV5amd/amd_ryzen_7000_series_desktop_processorsNo Fix Planned

▶CVEListV5amd/amd_ryzen_8000_series_desktop_processorsNo Fix Planned

🔴Vulnerability Details

CVEList

CVE-2023-31364: Improper handling of direct memory writes in the input-output memory management unit could allow a malicious guest virtual machine (VM) to flood a hos↗2026-02-26

▶

GHSA

GHSA-xxv2-rmf4-wfx2: Improper handling of direct memory writes in the input-output memory management unit could allow a malicious guest virtual machine (VM) to flood a hos↗2026-02-26

▶