CVE-2023-31315

CVSS v3.1

7.5

High

Vector

AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions AMD EPYC Processors (affected versions not specified) AMD Ryzen Processors (affected versions not specified) AMD Threadripper Processors (affected versions not specified)

Description The issue is related to improper validation in a model specific register (MSR) that could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. This could give an attacker unlimited access to system memory and control over the operating system. The vulnerability is being actively exploited.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

BDU:2025-03956

CESA-2024_7481

CVE-2023-31315

INFBA-2024_6169

OESA-2024-2104

OPENSUSE-SU-2024:14266-1

OPENSUSE-SU-2024_2980-1

OPENSUSE-SU-2024_3081-1

RHSA-2024:5883

RHSA-2024:5978

RHSA-2024:5980

RHSA-2024:5982

RHSA-2024:7481

RHSA-2024_7481

SUSE-SU-2024:2911-1

SUSE-SU-2024:2943-1

SUSE-SU-2024:2944-1

SUSE-SU-2024:2980-1

SUSE-SU-2024:3081-1

SUSE-SU-2024:4255-1

SUSE-SU-2024_2911-1

SUSE-SU-2024_2943-1

SUSE-SU-2024_2944-1

SUSE-SU-2024_2980-1

SUSE-SU-2024_3081-1

SUSE-SU-2024_4255-1

SUSE-SU-2025:20129-1

SUSE-SU-2025:20227-1

USN-7077-1

Affected Products

Amd Epyc Processors

Amd Ryzen Processors

Amd Threadripper Processors

Astra Linux

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2023-31315

Weakness Enumeration

Related Identifiers

Affected Products

References · 75