Incomplete Memory Cleanup in SEV Firmware Could Lead to Data Integrity Loss
CVE-2023-31356

4.4MEDIUM

Key Information:

Vendor: Amd
Status: Amd Epyc™ 7003 Processors; Amd Epyc™ 9004 Processors
Vendor: CVE Published:; 13 August 2024

Summary

Incomplete memory cleanup in AMD's SEV (Secure Encrypted Virtualization) firmware poses a significant risk where a privileged attacker may exploit this flaw to corrupt guest private memory. This vulnerability can lead to potential loss of data integrity, compromising the confidentiality and reliability of virtualized environments.

Affected Version(s)

AMD EPYC™ 7003 Processors MilanPI 1.0.0.C

AMD EPYC™ 9004 Processors GenoaPI 1.0.0.B

References

https://www.amd.com/en/resources/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Apr 27, 2023

Collectors

NVD DatabaseMitre Database