Incomplete Memory Cleanup in SEV Firmware Could Lead to Data Integrity Loss
CVE-2023-31356
4.4MEDIUM
Key Information
- Vendor
- Amd
- Status
- Amd Epyc™ 7003 Processors
- Amd Epyc™ 9004 Processors
- Vendor
- CVE Published:
- 13 August 2024
Summary
Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.
Affected Version(s)
AMD EPYC™ 7003 Processors <= MilanPI 1.0.0.C
AMD EPYC™ 9004 Processors <= GenoaPI 1.0.0.B
CVSS V3.1
Score:
4.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database