CVE-2023-31351

Summary

Improper restriction of operations in the IOMMU could allow a malicious hypervisor to access guest private memory resulting in loss of integrity.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 7003 Series ProcessorsMilan 100Cunaffected
AMDAMD EPYC™ 9004 Series ProcessorsGenoa 100Cunaffected
AMDAMD EPYC™ 8004 Series ProcessorsGenoa 100Cunaffected
AMDAMD EPYC™ Embedded 7003 Series ProcessorsEmbMilanPI-SP3 1.0.0.9unaffected
AMDAMD EPYC™ Embedded 9004 Series ProcessorsEmbGenoaPI-SP5 1.0.0.7unaffected

Weaknesses

  • CWE-119: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References