CVE-2023-31346

MEDIUM

SEV Firmware - Info Disclosure

Title source: llm

Description

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.

Exploits (1)

nomisec WORKING POC 1 stars
by Freax13 · poc
https://github.com/Freax13/cve-2023-31346-poc

References (1)

Scores

CVSS v3 6.0
EPSS 0.0004
EPSS Percentile 10.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Classification

CWE
CWE-284
Status published

Affected Products (50)

amd/epyc_7773x_firmware < milanpi_1.0.0.c
amd/epyc_7763_firmware < milanpi_1.0.0.c
amd/epyc_7713_firmware < milanpi_1.0.0.c
amd/epyc_7713p_firmware < milanpi_1.0.0.c
amd/epyc_7663_firmware < milanpi_1.0.0.c
amd/epyc_7663p_firmware < milanpi_1.0.0.c
amd/epyc_7643_firmware < milanpi_1.0.0.c
amd/epyc_7643p_firmware < milanpi_1.0.0.c
amd/epyc_7573x_firmware < milanpi_1.0.0.c
amd/epyc_75f3_firmware < milanpi_1.0.0.c
amd/epyc_7543_firmware < milanpi_1.0.0.c
amd/epyc_7543p_firmware < milanpi_1.0.0.c
amd/epyc_7513_firmware < milanpi_1.0.0.c
amd/epyc_7453_firmware < milanpi_1.0.0.c
amd/epyc_7473x_firmware < milanpi_1.0.0.c
... and 35 more

Timeline

Published Feb 13, 2024
Tracked Since Feb 18, 2026