Memory Exposure Vulnerability in SEV Firmware by AMD
CVE-2023-31352

6MEDIUM

Key Information:

Vendor
Amd
Vendor
CVE Published:
11 February 2025

Summary

A flaw in the SEV firmware could potentially let an attacker with the right privileges access sensitive unencrypted memory. This breach may enable unauthorized access to guest private data, posing a significant risk to data privacy and security. Organizations leveraging AMD's SEV technology should remain vigilant and apply the necessary security measures.

Affected Version(s)

AMD EPYC™ 9004 Processors GenoaPI 1.0.0.C

AMD EPYC™ Embedded 9004 EmbGenoaPI-SP5 1.0.0.7

AMD EPYC™ 9004 Processors GenoaPI 1.0.0.C

References

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.