CVE-2023-31345

EPSS 0.02%
Published 12.02.2025 00:15:08
Last modified 23.09.2025 22:15:32
Source psirt@amd.com
Teams watchlist Login
Open Login

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorAMD

≫

Product AMD EPYC™ 7003 Processors

Default Statusaffected

Version MilanPI 1.0.0.C

Status affected

VendorAMD

≫

Product AMD EPYC™ 9004 Processors

Default Statusaffected

Version GenoaPI 1.0.0.B

Status unaffected

VendorAMD

≫

Product AMD Instinct™ MI300A

Default Statusaffected

Version MI300API 1.0.0.5

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 3000 Series Desktop Processors

Default Statusaffected

Version ComboAM4v2PI 1.2.0.C

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 5000 Series Desktop Processors

Default Statusaffected

Version ComboAM4v2PI 1.2.0.C

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics

Default Statusaffected

Version ComboAM4v2PI 1.2.0.C

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7000 Series Desktop Processors

Default Statusaffected

Version ComboAM5 1.1.0.2

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics

Default Statusaffected

Version ComboAM4v2PI 1.2.0.C

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics

Default Statusaffected

Version ComboAM5 1.1.0.2

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors

Default Statusaffected

Version ChagallWSPI-sWRX8 1.0.0.7

Status unaffected

VendorAMD

≫

Product AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics

Default Statusaffected

Version "Pollock-FT5 1.0.0.7"

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics

Default Statusaffected

Version "Picasso-FP5 1.0.1.1"

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics

Default Statusaffected

Version "RenoirPI-FP6 1.0.0.D"

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics

Default Statusaffected

Version "Cezanne-FP6 1.0.1.0"

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics

Default Statusaffected

Version "MendocinoPI-FT6 1.0.0.6"

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics

Default Statusaffected

Version "Rembrandt-FP7 1.0.0.A"

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics

Default Statusaffected

Version "Rembrandt-FP7 1.0.0.A"

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics

Default Statusaffected

Version "PhoenixPI-FP8-FP7 1.1.0.2"

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7000 Series Mobile Processors

Default Statusaffected

Version "DragonRangeFL1PI 1.0.0.3C"

Status unaffected

VendorAMD

≫

Product AMD EPYC™ Embedded 7003

Default Statusaffected

Version "EmbMilanPI-SP3 1.0.0.8"

Status unaffected

VendorAMD

≫

Product AMD EPYC™ Embedded 9004

Default Statusaffected

Version EmbGenoaPI-SP5 1.0.0.6

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded 5000

Default Statusaffected

Version "EmbAM4PI 1.0.0.5"

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded 7000

Default Statusaffected

Version EmbeddedAM5PI 1.0.0.1

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded V2000

Default Statusaffected

Version "EmbeddedPI-FP6 1.0.0.9"

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded V3000

Default Statusaffected

Version "Embedded-PI FP7r2 1.0.0.9"

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
psirt@amd.com	7.5	0.8	6	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code

The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html

https://nvd.nist.gov/vuln/detail/CVE-2023-31345

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-31345

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-31345

EUVD