Potential vulnerability in MSR could lead to arbitrary code execution
Key Information
- Vendor
- Amd
- Status
- 3rd Gen Amd Epyc™ Processors
- 1st Gen Amd Epyc™ Processors
- 2nd Gen Amd Epyc™ Processors
- 4th Gen Amd Epyc™ Processors
- Vendor
- CVE Published:
- 12 August 2024
Badges
Summary
CVE-2023-31315 is a potential vulnerability in AMD's model specific register (MSR) that could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. The vulnerability affects the majority of AMD processors and has been patched by AMD in the Ryzen 3000 Series desktop processors. It has not been exploited by ransomware groups. Additionally, there are warnings about multiple cloud service provider attacks related to the Black Hat USA conference, and a potential vulnerability in Office that could lead to sensitive data leakage.
Affected Version(s)
3rd Gen AMD EPYC™ Processors < various
1st Gen AMD EPYC™ Processors <= various
2nd Gen AMD EPYC™ Processors <= various
News Articles
CVSS V3.1
Timeline
First article discovered by iThome
Vulnerability published.
Vulnerability Reserved.