Privileged Attacker May Access Stale Data from Other Guests via Failure to Initialize Memory
CVE-2023-31346
6 MEDIUM
Key Information:
- Vendor: AMD
- CVE Published: 13 February 2024
Summary
A vulnerability in AMD's SEV Firmware stems from a failure to properly initialize memory, creating a risk where a privileged attacker can access outdated data belonging to other virtual guests. This issue presents significant security implications for environments utilizing virtualization, as it may compromise the confidentiality of sensitive information processed by other users. Users of affected AMD SEV Firmware must prioritize remediation efforts to safeguard their virtualized workloads.
Affected Version(s)
3rd Gen AMD EPYC™ Processors x86 various
4th Gen AMD EPYC™ Processors x86 various
CVSS V3.1
- Score: 6
- Severity: MEDIUM
- Confidentiality: High
- Integrity: None
- Availability: High
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
- NVD Database
- Mitre Database