Memory Exposure Vulnerability in SEV Firmware by AMD
CVE-2023-31352

6MEDIUM

Key Information:

Vendor: Amd
Status: Amd Epyc™ 9004 Processors; Amd Epyc™ Embedded 9004
Vendor: CVE Published:; 11 February 2025

Summary

A flaw in the SEV firmware could potentially let an attacker with the right privileges access sensitive unencrypted memory. This breach may enable unauthorized access to guest private data, posing a significant risk to data privacy and security. Organizations leveraging AMD's SEV technology should remain vigilant and apply the necessary security measures.

Affected Version(s)

AMD EPYC™ 9004 Processors GenoaPI 1.0.0.C

AMD EPYC™ Embedded 9004 EmbGenoaPI-SP5 1.0.0.7

AMD EPYC™ 9004 Processors GenoaPI 1.0.0.C

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Apr 27, 2023