CVE-2023-31345 - Vulnerability Details - OpenCVE

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html

History

Wed, 12 Feb 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 12 Feb 2025 00:00:00 +0000

Type	Values Removed	Values Added
Description		Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.
Weaknesses		CWE-20
References		https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2025-02-11T23:49:05.388Z

Updated: 2025-02-12T15:33:04.071Z

Reserved: 2023-04-27T15:25:41.427Z

Link: CVE-2023-31345

Vulnrichment

Updated: 2025-02-12T15:32:54.232Z

NVD

Status : Received

Published: 2025-02-12T00:15:08.003

Modified: 2025-02-12T00:15:08.003

Link: CVE-2023-31345

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-31345", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2023-04-27T15:25:41.427Z", "datePublished": "2025-02-11T23:49:05.388Z", "dateUpdated": "2025-02-12T15:33:04.071Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "AMD EPYC\u2122 7003 Processors", "vendor": "AMD", "versions": [{"status": "affected", "version": "MilanPI 1.0.0.C"}]}, {"defaultStatus": "affected", "product": "AMD EPYC\u2122 9004 Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "GenoaPI 1.0.0.B"}]}, {"defaultStatus": "affected", "product": "AMD Instinct\u2122 MI300A", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "MI300API 1.0.0.5"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4v2PI 1.2.0.C"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4v2PI 1.2.0.C"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4v2PI 1.2.0.C"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM5 1.1.0.2"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4v2PI 1.2.0.C"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM5 1.1.0.2"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.7"}]}, {"defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"Pollock-FT5 1.0.0.7\""}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"Picasso-FP5 1.0.1.1\""}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"RenoirPI-FP6 1.0.0.D\""}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"Cezanne-FP6 1.0.1.0\""}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"MendocinoPI-FT6 1.0.0.6\""}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"Rembrandt-FP7 1.0.0.A\""}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"Rembrandt-FP7 1.0.0.A\""}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"PhoenixPI-FP8-FP7 1.1.0.2\""}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Mobile Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"DragonRangeFL1PI 1.0.0.3C\""}]}, {"defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 7003", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"EmbMilanPI-SP3 1.0.0.8\""}]}, {"defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 9004", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbGenoaPI-SP5 1.0.0.6"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 5000", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"EmbAM4PI 1.0.0.5\""}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 7000", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbeddedAM5PI 1.0.0.1"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"EmbeddedPI-FP6 1.0.0.9\""}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V3000", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"Embedded-PI FP7r2 1.0.0.9\""}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."}], "value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2025-02-11T23:49:05.388Z"}, "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"}, {"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html"}, {"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-12T15:32:58.953979Z", "id": "CVE-2023-31345", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T15:33:04.071Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-31345", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2023-04-27T15:25:41.427Z", "datePublished": "2025-02-11T23:49:05.388Z", "dateUpdated": "2025-02-12T15:33:04.071Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "AMD EPYC\u2122 7003 Processors", "vendor": "AMD", "versions": [{"status": "affected", "version": "MilanPI 1.0.0.C"}]}, {"defaultStatus": "affected", "product": "AMD EPYC\u2122 9004 Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "GenoaPI 1.0.0.B"}]}, {"defaultStatus": "affected", "product": "AMD Instinct\u2122 MI300A", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "MI300API 1.0.0.5"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4v2PI 1.2.0.C"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4v2PI 1.2.0.C"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4v2PI 1.2.0.C"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM5 1.1.0.2"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4v2PI 1.2.0.C"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM5 1.1.0.2"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.7"}]}, {"defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"Pollock-FT5 1.0.0.7\""}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"Picasso-FP5 1.0.1.1\""}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"RenoirPI-FP6 1.0.0.D\""}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"Cezanne-FP6 1.0.1.0\""}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"MendocinoPI-FT6 1.0.0.6\""}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"Rembrandt-FP7 1.0.0.A\""}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"Rembrandt-FP7 1.0.0.A\""}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"PhoenixPI-FP8-FP7 1.1.0.2\""}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Mobile Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"DragonRangeFL1PI 1.0.0.3C\""}]}, {"defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 7003", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"EmbMilanPI-SP3 1.0.0.8\""}]}, {"defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 9004", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbGenoaPI-SP5 1.0.0.6"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 5000", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"EmbAM4PI 1.0.0.5\""}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 7000", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbeddedAM5PI 1.0.0.1"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"EmbeddedPI-FP6 1.0.0.9\""}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V3000", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "\"Embedded-PI FP7r2 1.0.0.9\""}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."}], "value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2025-02-11T23:49:05.388Z"}, "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"}, {"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html"}, {"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-31345", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-12T15:32:58.953979Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T15:32:54.232Z"}}]}}