CVE-2023-31364

Summary

Improper handling of direct memory writes in the input-output memory management unit could allow a malicious guest virtual machine (VM) to flood a host with writes, potentially causing a fatal machine check error resulting in denial of service.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 7001 Series ProcessorsNaplesPI 1.0.0.Runaffected
AMDAMD EPYC™ 7002 Series ProcessorsRomePI 1.0.0.Nunaffected
AMDAMD EPYC™ 7003 Series ProcessorsMilanPI 1.0.0.Hunaffected
AMDAMD EPYC™ 8004 Series ProcessorsGenoaPI 1.0.0.Gunaffected
AMDAMD EPYC™ 9004 Series ProcessorsGenoaPI 1.0.0.Gunaffected
AMDAMD EPYC™ 9005 Series ProcessorsTurinPI 1.0.0.7unaffected
AMDAMD EPYC™ Embedded 3000 Series ProcessorsSnowyOwl_SP4_SP4r2.1.1.0.Hunaffected
AMDAMD EPYC™ Embedded 7002 Series ProcessorsEmbRomePI-SP3 1.0.0.Funaffected
AMDAMD EPYC™ Embedded 7003 Series ProcessorsEmbMilanPI-SP3 v9 1.0.0.Cunaffected
AMDAMD EPYC™ Embedded 8004 Series ProcessorsEmbGenoaPI-SP5 1.0.0.Baffected
AMDAMD EPYC™ Embedded 9004 Series ProcessorEmbGenoaPI-SP5 1.0.0.Baffected
AMDAMD EPYC™ Embedded 9005 Series ProcessorsEmbTurinPI-SP5 1.0.0.1unaffected
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsNo Fix Plannedaffected
AMDAMD Ryzen™ 3000 Series Desktop ProcessorsNo Fix Plannedaffected
AMDAMD Ryzen™ 3000 Series Mobile Processors with Radeon™ GraphicsNo Fix Plannedaffected
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsNo Fix Plannedaffected
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsNo Fix Plannedaffected
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsNo Fix Plannedaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsNo Fix Plannedaffected
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsNo Fix Plannedaffected
AMDAMD Ryzen™ 7040 Series Mobile Processors with Radeon™ GraphicsNo Fix Plannedaffected
AMDAMD Ryzen™ 7045 Series Mobile Processors with Radeon™ GraphicsNo Fix Plannedaffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsNo Fix Plannedaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000 WX-Series ProcessorsNo Fix Plannedaffected
AMDAMD Ryzen™ Threadripper™ PRO 5000 WX-Series ProcessorsNo Fix Plannedaffected
AMDAMD Ryzen™ Embedded 5000 Series ProcessorsNo Fix Plannedaffected
AMDAMD Ryzen™ Embedded 7000 Series ProcessorsNo Fix Plannedaffected
AMDAMD Ryzen™ Embedded 8000 Series ProcessorsNo Fix Plannedaffected
AMDAMD Ryzen™ Embedded R1000 Series ProcessorsNo Fix Plannedaffected
AMDAMD Ryzen™ Embedded R2000 Series ProcessorsNo Fix Plannedaffected
AMDAMD Ryzen™ Embedded V1000 Series ProcessorsNo Fix Plannedaffected
AMDAMD Ryzen™ Embedded V2000 Series ProcessorsNo Fix Plannedaffected
AMDAMD Ryzen™ Embedded V3000 Series ProcessorsNo Fix Plannedaffected

Weaknesses

  • CWE-119: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References