Guest Integrity at Risk Due to Code Bug in Secure TSC
CVE-2023-31347

4.9MEDIUM

Key Information:

Vendor: Amd
Status: 3rd Gen Amd Epyc™ Processors; 4th Gen Amd Epyc™ Processors
Vendor: CVE Published:; 13 February 2024

What is CVE-2023-31347?

A code bug present in the SEV firmware related to the Secure TSC function has been identified, allowing an attacker with elevated privileges to influence the Time Stamp Counter (TSC) perceived by guests when Secure TSC is enabled. This manipulation could lead to a compromised state of guest integrity, potentially impacting the stability and reliability of the virtualized environment.

Affected Version(s)

3rd Gen AMD EPYC™ Processors x86 various

4th Gen AMD EPYC™ Processors x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Apr 27, 2023

Amd

What is CVE-2023-31347?

Affected Version(s)

References

CVSS V3.1

Timeline