Improper Input Validation in AMD Products Leading to Potential Code Execution
CVE-2023-31345

7.5HIGH

Key Information:

Vendor: Amd
Status: Amd Epyc™ 7003 Processors; Amd Epyc™ 9004 Processors; Amd Instinct™ Mi300a; Amd Ryzen™ 3000 Series Desktop Processors
Vendor: CVE Published:; 12 February 2025

What is CVE-2023-31345?

An improper input validation issue exists in the System Management Mode (SMM) handler of certain AMD processors. This vulnerability may allow a privileged attacker to manipulate the System Management RAM (SMRAM), which can potentially lead to unauthorized execution of arbitrary code. Attackers exploiting this flaw could gain increased privileges and perform malicious activities, making it crucial for users and organizations to apply the latest security patches and mitigate risks.

Affected Version(s)

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics "Pollock-FT5 1.0.0.7"

AMD EPYC™ 7003 Processors MilanPI 1.0.0.C

AMD EPYC™ 9004 Processors GenoaPI 1.0.0.B

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 12, 2025

Amd

What is CVE-2023-31345?

Affected Version(s)

References

CVSS V3.1

Timeline