CVE-2023-31315

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
Configurations

No configuration.

History

21 Nov 2024, 08:01

Type Values Removed Values Added
References
  • () https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Enrique%20Nissim%20Krzysztof%20Okupski%20-%20AMD%20Sinkclose%20Universal%20Ring-2%20Privilege%20Escalation.pdf -
  • () https://news.ycombinator.com/item?id=41475975 -
  • () https://www.darkreading.com/remote-workforce/amd-issues-updates-for-silicon-level-sinkclose-flaw -

27 Aug 2024, 15:35

Type Values Removed Values Added
CWE CWE-94

13 Aug 2024, 16:15

Type Values Removed Values Added
References
  • {'url': 'https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html', 'source': 'psirt@amd.com'}
  • () https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html -
Summary
  • (es) Una validación inadecuada en un registro específico del modelo (MSR) podría permitir que un programa malicioso con acceso ring0 modifique la configuración de SMM mientras el bloqueo SMI está habilitado, lo que podría provocar la ejecución de código arbitrario.

12 Aug 2024, 13:41

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-12 13:38

Updated : 2024-11-21 08:01


NVD link : CVE-2023-31315

Mitre link : CVE-2023-31315

CVE.ORG link : CVE-2023-31315


JSON object : View

Products Affected

No product.

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')