CVE-2023-31345

EPSS 0.03%
Veröffentlicht 12.02.2025 00:15:08
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle psirt@amd.com
CVE-Watchlists
Login
Unerledigt
Login

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

CNA 25 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerAMD

≫

Produkt AMD EPYC™ 7003 Processors

Default Statusaffected

Version MilanPI 1.0.0.C

Status affected

HerstellerAMD

≫

Produkt AMD EPYC™ 9004 Processors

Default Statusaffected

Version GenoaPI 1.0.0.B

Status unaffected

HerstellerAMD

≫

Produkt AMD Instinct™ MI300A

Default Statusaffected

Version MI300API 1.0.0.5

Status unaffected

HerstellerAMD

≫

Produkt AMD Ryzen™ 3000 Series Desktop Processors

Default Statusaffected

Version ComboAM4v2PI 1.2.0.C

Status unaffected

HerstellerAMD

≫

Produkt AMD Ryzen™ 5000 Series Desktop Processors

Default Statusaffected

Version ComboAM4v2PI 1.2.0.C

Status unaffected

HerstellerAMD

≫

Produkt AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics

Default Statusaffected

Version ComboAM4v2PI 1.2.0.C

Status unaffected

HerstellerAMD

≫

Produkt AMD Ryzen™ 7000 Series Desktop Processors

Default Statusaffected

Version ComboAM5 1.1.0.2

Status unaffected

HerstellerAMD

≫

Produkt AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics

Default Statusaffected

Version ComboAM4v2PI 1.2.0.C

Status unaffected

HerstellerAMD

≫

Produkt AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics

Default Statusaffected

Version ComboAM5 1.1.0.2

Status unaffected

HerstellerAMD

≫

Produkt AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors

Default Statusaffected

Version ChagallWSPI-sWRX8 1.0.0.7

Status unaffected

HerstellerAMD

≫

Produkt AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics

Default Statusaffected

Version "Pollock-FT5 1.0.0.7"

Status unaffected

HerstellerAMD

≫

Produkt AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics

Default Statusaffected

Version "Picasso-FP5 1.0.1.1"

Status unaffected

HerstellerAMD

≫

Produkt AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics

Default Statusaffected

Version "RenoirPI-FP6 1.0.0.D"

Status unaffected

HerstellerAMD

≫

Produkt AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics

Default Statusaffected

Version "Cezanne-FP6 1.0.1.0"

Status unaffected

HerstellerAMD

≫

Produkt AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics

Default Statusaffected

Version "MendocinoPI-FT6 1.0.0.6"

Status unaffected

HerstellerAMD

≫

Produkt AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics

Default Statusaffected

Version "Rembrandt-FP7 1.0.0.A"

Status unaffected

HerstellerAMD

≫

Produkt AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics

Default Statusaffected

Version "Rembrandt-FP7 1.0.0.A"

Status unaffected

HerstellerAMD

≫

Produkt AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics

Default Statusaffected

Version "PhoenixPI-FP8-FP7 1.1.0.2"

Status unaffected

HerstellerAMD

≫

Produkt AMD Ryzen™ 7000 Series Mobile Processors

Default Statusaffected

Version "DragonRangeFL1PI 1.0.0.3C"

Status unaffected

HerstellerAMD

≫

Produkt AMD EPYC™ Embedded 7003

Default Statusaffected

Version "EmbMilanPI-SP3 1.0.0.8"

Status unaffected

HerstellerAMD

≫

Produkt AMD EPYC™ Embedded 9004

Default Statusaffected

Version EmbGenoaPI-SP5 1.0.0.6

Status unaffected

HerstellerAMD

≫

Produkt AMD Ryzen™ Embedded 5000

Default Statusaffected

Version "EmbAM4PI 1.0.0.5"

Status unaffected

HerstellerAMD

≫

Produkt AMD Ryzen™ Embedded 7000

Default Statusaffected

Version EmbeddedAM5PI 1.0.0.1

Status unaffected

HerstellerAMD

≫

Produkt AMD Ryzen™ Embedded V2000

Default Statusaffected

Version "EmbeddedPI-FP6 1.0.0.9"

Status unaffected

HerstellerAMD

≫

Produkt AMD Ryzen™ Embedded V3000

Default Statusaffected

Version "Embedded-PI FP7r2 1.0.0.9"

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.099

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@amd.com	7.5	0.8	6	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code

The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html

https://nvd.nist.gov/vuln/detail/CVE-2023-31345

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-31345

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-31345

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-31345