CVE-2023-31315

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
AMDCNA
7.5 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
6.8 MEDIUM
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Debian logo
Debian Releases
Debian Product
Codename
amd64-microcode
bullseye/non-free
3.20240820.1~deb11u1
fixed
bullseye/non-free (security)
vulnerable
bookworm/non-free-firmware
3.20240820.1~deb12u1
fixed
bookworm/non-free-firmware (security)
vulnerable
sid/non-free-firmware
3.20240820.1
fixed
trixie/non-free-firmware
3.20240820.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
amd64-microcode
oracular
Fixed 3.20240116.2+nmu1ubuntu1.1
released
noble
Fixed 3.20231019.1ubuntu2.1
released
jammy
Fixed 3.20191218.1ubuntu2.3
released
focal
Fixed 3.20191218.1ubuntu1.3
released
bionic
Fixed 3.20191021.1+really3.20181128.1~ubuntu0.18.04.1+esm3
released
xenial
Fixed 3.20191021.1+really3.20180524.1~ubuntu0.16.04.2+esm3
released
trusty
ignored
Common Weakness Enumeration
References
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html
https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Enrique%20Nissim%20Krzysztof%20Okupski%20-%20AMD%20Sinkclose%20Universal%20Ring-2%20Privilege%20Escalation.pdf
https://news.ycombinator.com/item?id=41475975
https://www.darkreading.com/remote-workforce/amd-issues-updates-for-silicon-level-sinkclose-flaw