Hackers Could Overwrite Memory of Decommissioned Guests Through Improper Write Restrictions
CVE-2023-31355
6MEDIUM
Key Information:
- Vendor
Amd
- Status
- Vendor
- CVE Published:
- 5 August 2024
What is CVE-2023-31355?
A security flaw has been identified in AMD's Secure Nested Paging (SNP) firmware, stemming from an improper restriction of write operations. This vulnerability may allow a malicious hypervisor to overwrite a guest's unique memory configuration seed (UMC seed). The potential consequence includes the ability to access sensitive data from memory previously allocated to a decommissioned guest system. Consequently, this issue raises significant concerns regarding the isolation and security of virtualized environments, necessitating immediate attention and remediation.
Affected Version(s)
3rd Gen AMD EPYC™ Processors various
4th Gen AMD EPYC™ Processors various
AMD EPYC™ Embedded 7003 various