Improper Input Validation in AMD Products Leading to Potential Code Execution
CVE-2023-31345

7.5HIGH

Key Information:

Vendor

Amd
Status
Amd Epyc™ 7003 Processors
Amd Epyc™ 9004 Processors
Amd Instinct™ Mi300a
Amd Ryzen™ 3000 Series Desktop Processors
Vendor
CVE Published:
12 February 2025

What is CVE-2023-31345?

An improper input validation issue exists in the System Management Mode (SMM) handler of certain AMD processors. This vulnerability may allow a privileged attacker to manipulate the System Management RAM (SMRAM), which can potentially lead to unauthorized execution of arbitrary code. Attackers exploiting this flaw could gain increased privileges and perform malicious activities, making it crucial for users and organizations to apply the latest security patches and mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics "Pollock-FT5 1.0.0.7"

AMD EPYC™ 7003 Processors MilanPI 1.0.0.C

AMD EPYC™ 9004 Processors GenoaPI 1.0.0.B

References

https://www.amd.com/en/resources/product-security/bulleti...
https://www.amd.com/en/resources/product-security/bulleti...
https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

JSON
.