Memory Exposure Vulnerability in SEV Firmware by AMD
CVE-2023-31352
6MEDIUM
Key Information:
- Vendor
- Amd
- Vendor
- CVE Published:
- 11 February 2025
Summary
A flaw in the SEV firmware could potentially let an attacker with the right privileges access sensitive unencrypted memory. This breach may enable unauthorized access to guest private data, posing a significant risk to data privacy and security. Organizations leveraging AMD's SEV technology should remain vigilant and apply the necessary security measures.
Affected Version(s)
AMD EPYC™ 9004 Processors GenoaPI 1.0.0.C
AMD EPYC™ Embedded 9004 EmbGenoaPI-SP5 1.0.0.7
AMD EPYC™ 9004 Processors GenoaPI 1.0.0.C
References
CVSS V3.1
Score:
6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved