Improper Input Validation in SMM Handler on AMD Products
CVE-2023-31343

7.5HIGH

Key Information:

Vendor: Amd
Status: Amd Epyc™ 7003 Processors; Amd Epyc™ 9004 Processors; Amd Instinct™ Mi300a; Amd Ryzen™ 3000 Series Desktop Processors
Vendor: CVE Published:; 11 February 2025

Summary

The vulnerability arises from improper input validation in the System Management Mode (SMM) handler of various AMD processors, which could be exploited by a privileged attacker. If successfully exploited, this flaw allows the attacker to overwrite the System Management RAM (SMRAM), possibly enabling arbitrary code execution. This opens up significant security risks for systems utilizing these AMD products, making it critical to maintain up-to-date firmware and apply recommended security updates promptly.

Affected Version(s)

AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics ComboAM4v2PI 1.2.0.C

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics "Pollock-FT5 1.0.0.7"

AMD EPYC™ 7003 Processors MilanPI 1.0.0.C

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Apr 27, 2023