CVE-2023-31315
Published: Aug 9, 2024
Modified: Sep 12, 2024
CVSS v3.1
7.5
Description
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
| Vendor | Product | Versions |
|---|---|---|
AMD | 3rd Gen AMD EPYC™ Processors | affected various - < Milan PI 1.0.0.D |
AMD | 1st Gen AMD EPYC™ Processors | affected various - < Naples PI 1.0.0.M |
AMD | 2nd Gen AMD EPYC™ Processors | affected various - < Rome PI 1.0.0.J |
AMD | 4th Gen AMD EPYC™ Processors | unaffected various - < Genoa PI 1.0.0.C |
AMD | AMD EPYC™ Embedded 3000 | affected various |
AMD | AMD EPYC™ Embedded 7002 | affected various |
AMD | AMD EPYC™ Embedded 7003 | affected various |
AMD | AMD EPYC™ Embedded 9003 | unaffected various - < EmbGenoaPI 1.0.0.7 |
AMD | AMD Ryzen™ Embedded R1000 | affected various |
AMD | AMD Ryzen™ Embedded R2000 | affected various |
AMD | AMD Ryzen™ Embedded 5000 | affected various |
AMD | AMD Ryzen™ Embedded 7000 | affected various |
AMD | AMD Ryzen™ Embedded V1000 | affected various |
AMD | AMD Ryzen™ Embedded V2000 | affected various |
AMD | AMD Ryzen™ Embedded V3000 | affected various |
AMD | AMD Ryzen™ 3000 Series Desktop Processors | affected various |
AMD | AMD Ryzen™ 5000 Series Desktop Processors | unaffected various - < ComboAM4v2PI 1.2.0.cb |
AMD | AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics | unaffected various - < ComboAM4v2PI 1.2.0.cb |
AMD | AMD Ryzen™ 7000 Series Desktop Processors | affected various - < ComboAM5PI 1.2.0.1 |
AMD | AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics | affected various - < ComboAM4v2PI 1.2.0.cb |
AMD | AMD Ryzen™ Threadripper™ 3000 Series Processors | affected various - < CastlePeakPI-SP3r3 1.0.0.B |
AMD | AMD Ryzen™ Threadripper™ PRO Processors | affected various - < ChagallWSPI-sWRX8 1.0.0.8unaffected various - < CastlePeakWSPI-sWRX8 1.0.0.D |
AMD | AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors | unaffected various - < ChagallWSPI-sWRX8 1.0.0.8 |
AMD | AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics | unaffected various - < Picasso-FP5 1.0.1.2unaffected various - < PollockPI-FT5 1.0.0.8 |
AMD | AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics | affected various - < Picasso-FP5 1.0.1.2 |
AMD | AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics | unaffected various - < RenoirPI-FP6 1.0.0.E |
AMD | AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics | unaffected various - < CezannePI-FP6 1.0.1.1 |
AMD | AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics | affected various - < CezannePI-FP6 |
AMD | AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics | unaffected various - < PhoenixPI-FP8-FP7 1.1.0.3 |
AMD | AMD Ryzen™ 7045 Series Mobile Processors | unaffected various - < DragonRangeFL1 1.0.0.3e |
AMD | AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics | unaffected various - < RembrandtPI-FP7 1.0.0.B |
AMD | AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics | affected various - < MendocinoPI-FT6 1.0.0.7 |
AMD | AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics | unaffected various - < RembrandtPI-FP7 1.0.0.B |
AMD | AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics | unaffected various - < ComboAM5PI 1.2.0.1 |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now