Incomplete Memory Cleanup in SEV Firmware Could Lead to Data Integrity Loss
CVE-2023-31356
4.4MEDIUM
Key Information:
- Vendor
Amd
- Status
- Vendor
- CVE Published:
- 13 August 2024
What is CVE-2023-31356?
Incomplete memory cleanup in AMD's SEV (Secure Encrypted Virtualization) firmware poses a significant risk where a privileged attacker may exploit this flaw to corrupt guest private memory. This vulnerability can lead to potential loss of data integrity, compromising the confidentiality and reliability of virtualized environments.
Affected Version(s)
AMD EPYC™ 7003 Processors MilanPI 1.0.0.C
AMD EPYC™ 9004 Processors GenoaPI 1.0.0.B
AMD EPYC™ Embedded 7003 "EmbMilanPI-SP3 1.0.0.8"