Improper Input Validation in AMD Products Leading to Potential Code Execution
CVE-2023-31345
7.5 HIGH
Key Information:
- Vendor: AMD
- Status: Vendor
- CVE Published: 12 February 2025
Summary
An improper input validation issue exists in the System Management Mode (SMM) handler of certain AMD processors. It may allow a privileged attacker to manipulate System Management RAM (SMRAM), potentially leading to unauthorized execution of arbitrary code. An attacker who exploits this flaw could gain increased privileges and perform malicious activities, so users and organizations should apply the latest security patches to mitigate the risk.
Affected Version(s)
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Pollock-FT5 1.0.0.7
AMD EPYC™ 7003 Processors MilanPI 1.0.0.C
AMD EPYC™ 9004 Processors GenoaPI 1.0.0.B
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed
Timeline
Vulnerability published