Potential vulnerability in MSR could lead to arbitrary code execution

CVE-2023-31315

7.5HIGH

Key Information

Vendor: Amd
Status: 3rd Gen Amd Epyc™ Processors; 1st Gen Amd Epyc™ Processors; 2nd Gen Amd Epyc™ Processors; 4th Gen Amd Epyc™ Processors
Vendor: CVE Published:; 12 August 2024

Badges

📰 News Worthy

Summary

CVE-2023-31315 is a potential vulnerability in AMD's model specific register (MSR) that could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. The vulnerability affects the majority of AMD processors and has been patched by AMD in the Ryzen 3000 Series desktop processors. It has not been exploited by ransomware groups. Additionally, there are warnings about multiple cloud service provider attacks related to the Black Hat USA conference, and a potential vulnerability in Office that could lead to sensitive data leakage.

Affected Version(s)

3rd Gen AMD EPYC™ Processors < various

1st Gen AMD EPYC™ Processors <= various

2nd Gen AMD EPYC™ Processors <= various

News Articles

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

First article discovered by iThome
Aug 12, 2024
Vulnerability published.
Aug 12, 2024
Vulnerability Reserved.
Apr 27, 2023

Collectors

NVD DatabaseMitre Database1 News Article(s)