CVE-2023-31342

EPSS 0.02%
Published 11.02.2025 23:15:08
Last modified 23.09.2025 22:15:32
Source psirt@amd.com
Teams watchlist Login
Open Login

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorAMD

≫

Product AMD EPYC™ 7003 Processors

Default Statusaffected

Version MilanPI 1.0.0.C

Status unaffected

VendorAMD

≫

Product AMD EPYC™ 9004 Processors

Default Statusaffected

Version GenoaPI 1.0.0.B

Status unaffected

VendorAMD

≫

Product AMD Instinct™ MI300A

Default Statusaffected

Version MI300API 1.0.0.5

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 3000 Series Desktop Processors

Default Statusaffected

Version ComboAM4v2PI 1.2.0.C

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 5000 Series Desktop Processors

Default Statusaffected

Version ComboAM4v2PI 1.2.0.C

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics

Default Statusaffected

Version ComboAM4v2PI 1.2.0.C

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7000 Series Desktop Processors

Default Statusaffected

Version ComboAM5 1.1.0.2

Status unaffected

VendorAMD

≫

Product AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics

Default Statusaffected

Version ComboAM4v2PI 1.2.0.C

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics

Default Statusaffected

Version ComboAM4v2PI 1.2.0.C

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics

Default Statusaffected

Version ComboAM5 1.1.0.2

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors

Default Statusaffected

Version ChagallWSPI-sWRX8 1.0.0.7

Status unaffected

VendorAMD

≫

Product AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics

Default Statusaffected

Version Pollock-FT5 1.0.0.7

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics

Default Statusaffected

Version Picasso-FP5 1.0.1.1

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics

Default Statusaffected

Version RenoirPI-FP6 1.0.0.D

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics

Default Statusaffected

Version Cezanne-FP6 1.0.1.0

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics

Default Statusaffected

Version MendocinoPI-FT6 1.0.0.6

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics

Default Statusaffected

Version Rembrandt-FP7 1.0.0.A

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics

Default Statusaffected

Version Rembrandt-FP7 1.0.0.A

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics

Default Statusaffected

Version PhoenixPI-FP8-FP7 1.1.0.2

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7000 Series Mobile Processors

Default Statusaffected

Version DragonRangeFL1PI 1.0.0.3C

Status unaffected

VendorAMD

≫

Product AMD EPYC™ Embedded 7003

Default Statusaffected

Version EmbMilanPI-SP3 1.0.0.8

Status unaffected

VendorAMD

≫

Product AMD EPYC™ Embedded 9004

Default Statusaffected

Version EmbGenoaPI-SP5 1.0.0.6

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded R1000

Default Statusaffected

Version EmbeddedPI-FP5 1.2.0.C

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded R2000

Default Statusaffected

Version EmbeddedR2KPI-FP5 1.0.0.3

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded 5000

Default Statusaffected

Version EmbAM4PI 1.0.0.5

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded 7000

Default Statusaffected

Version EmbeddedAM5PI 1.0.0.1

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded V2000

Default Statusaffected

Version EmbeddedPI-FP6 1.0.0.9

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded V3000

Default Statusaffected

Version Embedded-PI FP7r2 1.0.0.9

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
psirt@amd.com	7.5	0.8	6	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-1220 Insufficient Granularity of Access Control

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html

https://nvd.nist.gov/vuln/detail/CVE-2023-31342

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-31342

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-31342

EUVD