CVE-2023-31315

Summary

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
AMD3rd Gen AMD EPYC™ Processorsvarious < Milan PI 1.0.0.Daffected
AMD1st Gen AMD EPYC™ Processorsvarious < Naples PI 1.0.0.Maffected
AMD2nd Gen AMD EPYC™ Processorsvarious < Rome PI 1.0.0.Jaffected
AMD4th Gen AMD EPYC™ Processorsvarious < Genoa PI 1.0.0.Cunaffected
AMDAMD EPYC™ Embedded 3000variousaffected
AMDAMD EPYC™ Embedded 7002variousaffected
AMDAMD EPYC™ Embedded 7003variousaffected
AMDAMD EPYC™ Embedded 9003various < EmbGenoaPI 1.0.0.7unaffected
AMDAMD Ryzen™ Embedded R1000variousaffected
AMDAMD Ryzen™ Embedded R2000variousaffected
AMDAMD Ryzen™ Embedded 5000variousaffected
AMDAMD Ryzen™ Embedded 7000variousaffected
AMDAMD Ryzen™ Embedded V1000variousaffected
AMDAMD Ryzen™ Embedded V2000variousaffected
AMDAMD Ryzen™ Embedded V3000variousaffected
AMDAMD Ryzen™ 3000 Series Desktop Processorsvariousaffected
AMDAMD Ryzen™ 5000 Series Desktop Processorsvarious < ComboAM4v2PI 1.2.0.cbunaffected
AMDAMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphicsvarious < ComboAM4v2PI 1.2.0.cbunaffected
AMDAMD Ryzen™ 7000 Series Desktop Processorsvarious < ComboAM5PI 1.2.0.1affected
AMDAMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphicsvarious < ComboAM4v2PI 1.2.0.cbaffected
AMDAMD Ryzen™ Threadripper™ 3000 Series Processorsvarious < CastlePeakPI-SP3r3 1.0.0.Baffected
AMDAMD Ryzen™ Threadripper™ PRO Processorsvarious < ChagallWSPI-sWRX8 1.0.0.8affected
AMDAMD Ryzen™ Threadripper™ PRO Processorsvarious < CastlePeakWSPI-sWRX8 1.0.0.Dunaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000WX Series Processorsvarious < ChagallWSPI-sWRX8 1.0.0.8unaffected
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphicsvarious < Picasso-FP5 1.0.1.2unaffected
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphicsvarious < PollockPI-FT5 1.0.0.8unaffected
AMDAMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphicsvarious < Picasso-FP5 1.0.1.2affected
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphicsvarious < RenoirPI-FP6 1.0.0.Eunaffected
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphicsvarious < CezannePI-FP6 1.0.1.1unaffected
AMDAMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphicsvarious < CezannePI-FP6affected
AMDAMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphicsvarious < PhoenixPI-FP8-FP7 1.1.0.3unaffected
AMDAMD Ryzen™ 7045 Series Mobile Processorsvarious < DragonRangeFL1 1.0.0.3eunaffected
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ Graphicsvarious < RembrandtPI-FP7 1.0.0.Bunaffected
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ Graphicsvarious < MendocinoPI-FT6 1.0.0.7affected
AMDAMD Ryzen™ 7035 Series Processors with Radeon™ Graphicsvarious < RembrandtPI-FP7 1.0.0.Bunaffected
AMDAMD Ryzen™ 8000 Series Processors with Radeon™ Graphicsvarious < ComboAM5PI 1.2.0.1unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References