CVE-2023-31345

HIGH

AMD EPYC 7003 Processors < MilanPI 1.0.0.C - Authenticated Arbitrary Code Execution via SMM Handler Input Validation

Title source: manual

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

Core 3

Core References

Vendor Advisory

Vendor Advisory

Vendor Advisory

CVSS v3 7.5

EPSS 0.0003

EPSS Percentile 10.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

CWE

CWE-1274

Status published

Products (25)

AMD/AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics "Pollock-FT5 1.0.0.7"

AMD/AMD EPYC™ 7003 Processors MilanPI 1.0.0.C

AMD/AMD EPYC™ 9004 Processors GenoaPI 1.0.0.B

AMD/AMD EPYC™ Embedded 7003 "EmbMilanPI-SP3 1.0.0.8"

AMD/AMD EPYC™ Embedded 9004 EmbGenoaPI-SP5 1.0.0.6

AMD/AMD Instinct™ MI300A MI300API 1.0.0.5

AMD/AMD Ryzen™ 3000 Series Desktop Processors ComboAM4v2PI 1.2.0.C

AMD/AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics "Picasso-FP5 1.0.1.1"

AMD/AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics ComboAM4v2PI 1.2.0.C

AMD/AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics "RenoirPI-FP6 1.0.0.D"

... and 15 more

Published Feb 12, 2025

Tracked Since Feb 18, 2026