CVE-2023-31315

Description

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected products

AMD / 1st Gen AMD EPYC™ Processorsvarious – Naples PI 1.0.0.M
AMD / 2nd Gen AMD EPYC™ Processorsvarious – Rome PI 1.0.0.J
AMD / 3rd Gen AMD EPYC™ Processorsvarious – Milan PI 1.0.0.D
AMD / 4th Gen AMD EPYC™ Processorsvarious – Genoa PI 1.0.0.C
AMD / AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphicsvarious – Picasso-FP5 1.0.1.2
AMD / AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphicsvarious – PollockPI-FT5 1.0.0.8
AMD / AMD EPYC™ Embedded 3000various – various
AMD / AMD EPYC™ Embedded 7002various – various
AMD / AMD EPYC™ Embedded 7003various – various
AMD / AMD EPYC™ Embedded 9003various – EmbGenoaPI 1.0.0.7
AMD / AMD Ryzen™ 3000 Series Desktop Processorsvarious – various
AMD / AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphicsvarious – Picasso-FP5 1.0.1.2
AMD / AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphicsvarious – ComboAM4v2PI 1.2.0.cb
AMD / AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphicsvarious – RenoirPI-FP6 1.0.0.E
AMD / AMD Ryzen™ 5000 Series Desktop Processorsvarious – ComboAM4v2PI 1.2.0.cb
AMD / AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphicsvarious – ComboAM4v2PI 1.2.0.cb
AMD / AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphicsvarious – CezannePI-FP6 1.0.1.1
AMD / AMD Ryzen™ 6000 Series Processors with Radeon™ Graphicsvarious – RembrandtPI-FP7 1.0.0.B
AMD / AMD Ryzen™ 7000 Series Desktop Processorsvarious – ComboAM5PI 1.2.0.1
AMD / AMD Ryzen™ 7020 Series Processors with Radeon™ Graphicsvarious – MendocinoPI-FT6 1.0.0.7
AMD / AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphicsvarious – CezannePI-FP6
AMD / AMD Ryzen™ 7035 Series Processors with Radeon™ Graphicsvarious – RembrandtPI-FP7 1.0.0.B
AMD / AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphicsvarious – PhoenixPI-FP8-FP7 1.1.0.3
AMD / AMD Ryzen™ 7045 Series Mobile Processorsvarious – DragonRangeFL1 1.0.0.3e
AMD / AMD Ryzen™ 8000 Series Processors with Radeon™ Graphicsvarious – ComboAM5PI 1.2.0.1
AMD / AMD Ryzen™ Embedded 5000various – various
AMD / AMD Ryzen™ Embedded 7000various – various
AMD / AMD Ryzen™ Embedded R1000various – various
AMD / AMD Ryzen™ Embedded R2000various – various
AMD / AMD Ryzen™ Embedded V1000various – various
AMD / AMD Ryzen™Embedded V2000various – various
AMD / AMD Ryzen™Embedded V3000various – various
AMD / AMD Ryzen™ Threadripper™ 3000 Series Processorsvarious – CastlePeakPI-SP3r3 1.0.0.B
AMD / AMD Ryzen™ Threadripper™ PRO 3000WX Series Processorsvarious – ChagallWSPI-sWRX8 1.0.0.8
AMD / AMD Ryzen™ Threadripper™ PRO Processorsvarious – ChagallWSPI-sWRX8 1.0.0.8
AMD / AMD Ryzen™ Threadripper™ PRO Processorsvarious – CastlePeakWSPI-sWRX8 1.0.0.D

References

MISChttps://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html