CVE-2023-31339

MEDIUM

ARM Trusted Firmware - Memory Corruption

Title source: llm

Description

Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.

References (1)

[Broken Link] https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8002

Scores

CVSS v3 4.8

EPSS 0.0010

EPSS Percentile 26.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:H

Classification

CWE

CWE-125 CWE-20

Status published

Affected Products (2)

amd/trusted_firmware-a < 2023.2

arm/trusted_firmware-a < 2.10.1

Timeline

Published Aug 13, 2024

Tracked Since Feb 18, 2026