Potential vulnerability in MSR could lead to arbitrary code execution
CVE-2023-31315

7.5HIGH

Key Information:

Vendor: Amd
Status: 3rd Gen Amd Epyc™ Processors; 1st Gen Amd Epyc™ Processors; 2nd Gen Amd Epyc™ Processors; 4th Gen Amd Epyc™ Processors
Vendor: CVE Published:; 12 August 2024

Badges

📰 News Worthy

Summary

CVE-2023-31315 is a potential vulnerability in AMD's model specific register (MSR) that could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. The vulnerability affects the majority of AMD processors and has been patched by AMD in the Ryzen 3000 Series desktop processors. It has not been exploited by ransomware groups. Additionally, there are warnings about multiple cloud service provider attacks related to the Black Hat USA conference, and a potential vulnerability in Office that could lead to sensitive data leakage.

Affected Version(s)

1st Gen AMD EPYC™ Processors various

2nd Gen AMD EPYC™ Processors various

3rd Gen AMD EPYC™ Processors various

News Articles

References

https://www.amd.com/en/resources/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

📰
First article discovered by iThome
Aug 12, 2024
Vulnerability published
Aug 12, 2024
Vulnerability Reserved
Apr 27, 2023

Collectors

NVD DatabaseMitre Database1 News Article(s)