5.8

CVE-2023-31339

Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.

Data is provided by the National Vulnerability Database (NVD)
AmdTrusted Firmware-a Version < 2023.2
   AmdZu11eg Version-
   AmdZu15eg Version-
   AmdZu17eg Version-
   AmdZu19eg Version-
   AmdZu1cg Version-
   AmdZu1eg Version-
   AmdZu21dr Version-
   AmdZu25dr Version-
   AmdZu27dr Version-
   AmdZu28dr Version-
   AmdZu29dr Version-
   AmdZu2cg Version-
   AmdZu2eg Version-
   AmdZu39dr Version-
   AmdZu3cg Version-
   AmdZu3eg Version-
   AmdZu3tcg Version-
   AmdZu3teg Version-
   AmdZu42dr Version-
   AmdZu43dr Version-
   AmdZu46dr Version-
   AmdZu47dr Version-
   AmdZu48dr Version-
   AmdZu49dr Version-
   AmdZu4cg Version-
   AmdZu4eg Version-
   AmdZu4ev Version-
   AmdZu5cg Version-
   AmdZu5eg Version-
   AmdZu5ev Version-
   AmdZu63dr Version-
   AmdZu64dr Version-
   AmdZu65dr Version-
   AmdZu67dr Version-
   AmdZu6cg Version-
   AmdZu6eg Version-
   AmdZu7cg Version-
   AmdZu7eg Version-
   AmdZu7ev Version-
   AmdZu9cg Version-
   AmdZu9eg Version-
ArmTrusted Firmware-a Version < 2.10.1
   AmdZu11eg Version-
   AmdZu15eg Version-
   AmdZu17eg Version-
   AmdZu19eg Version-
   AmdZu1cg Version-
   AmdZu1eg Version-
   AmdZu21dr Version-
   AmdZu25dr Version-
   AmdZu27dr Version-
   AmdZu28dr Version-
   AmdZu29dr Version-
   AmdZu2cg Version-
   AmdZu2eg Version-
   AmdZu39dr Version-
   AmdZu3cg Version-
   AmdZu3eg Version-
   AmdZu3tcg Version-
   AmdZu3teg Version-
   AmdZu42dr Version-
   AmdZu43dr Version-
   AmdZu46dr Version-
   AmdZu47dr Version-
   AmdZu48dr Version-
   AmdZu49dr Version-
   AmdZu4cg Version-
   AmdZu4eg Version-
   AmdZu4ev Version-
   AmdZu5cg Version-
   AmdZu5eg Version-
   AmdZu5ev Version-
   AmdZu63dr Version-
   AmdZu64dr Version-
   AmdZu65dr Version-
   AmdZu67dr Version-
   AmdZu6cg Version-
   AmdZu6eg Version-
   AmdZu7cg Version-
   AmdZu7eg Version-
   AmdZu7ev Version-
   AmdZu9cg Version-
   AmdZu9eg Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.08% 0.253
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.8 0.6 5.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H
psirt@amd.com 4.8 0.6 4.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.