Incomplete Memory Cleanup in SEV Firmware Could Lead to Data Integrity Loss
CVE-2023-31356

4.4MEDIUM

Key Information:

Vendor: Amd
Status: Amd Epyc™ 7003 Processors; Amd Epyc™ 9004 Processors; Amd Epyc™ Embedded 7003; Amd Epyc™ Embedded 9004
Vendor: CVE Published:; 13 August 2024

What is CVE-2023-31356?

Incomplete memory cleanup in AMD's SEV (Secure Encrypted Virtualization) firmware poses a significant risk where a privileged attacker may exploit this flaw to corrupt guest private memory. This vulnerability can lead to potential loss of data integrity, compromising the confidentiality and reliability of virtualized environments.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AMD EPYC™ 7003 Processors MilanPI 1.0.0.C

AMD EPYC™ 9004 Processors GenoaPI 1.0.0.B

AMD EPYC™ Embedded 7003 "EmbMilanPI-SP3 1.0.0.8"

References

https://www.amd.com/en/resources/product-security/bulleti...

vendor-advisory

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Apr 27, 2023

JSON

Amd

What is CVE-2023-31356?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.