Improper Memory Access Vulnerability in AMD Products
CVE-2023-31351

5.3MEDIUM

Key Information:

Vendor: Amd
Status: Amd Epyc™ 7003 Series Processors; Amd Epyc™ 9004 Series Processors; Amd Epyc™ 8004 Series Processors; Amd Epyc™ Embedded 7003 Series Processors
Vendor: CVE Published:; 6 September 2025

What is CVE-2023-31351?

The vulnerability arises from improper restrictions in the Input-Output Memory Management Unit (IOMMU) which could enable a malicious hypervisor to gain unauthorized access to sensitive guest memory. This flaw poses a significant threat to the integrity and confidentiality of the virtualized environments, allowing attackers to manipulate guest operations and potentially extract sensitive data. Users of AMD IOMMU should take precautions and monitor for updates to mitigate the risk.

Affected Version(s)

AMD EPYC™ 7003 Series Processors Milan 100C

AMD EPYC™ 8004 Series Processors Genoa 100C

AMD EPYC™ 9004 Series Processors Genoa 100C

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2025
Vulnerability Reserved
Apr 27, 2023

Amd

What is CVE-2023-31351?

Affected Version(s)

References

CVSS V3.1

Timeline