CVE-2023-31339

Severity: Medium (CVSS 3.1 base score 5.8) · EPSS 5.4%
Published Aug 13, 2024 (1y ago) · Last Modified Jun 17, 2026 (2w ago)

Description

Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™ MPSoC/RFSoC may allow a privileged attacker to perform out-of-bounds reads, potentially resulting in data leakage and denial of service.

CVSS Details

Base Score: 5.8
Exploitability: 0.6
Impact: 5.2
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 5.4% percentile
Exploit & Patch Status: No Known Exploit; No Patch Available

Weaknesses 2

CWE-125: Out-of-bounds Read (Memory Safety)
CWE-20: Improper Input Validation (Validation)

Affected Products 43

Vendor           Product             Version  Range
amd              trusted_firmware-a  *        <2023.2
trustedfirmware  trusted_firmware-a  *        <2.10.1
amd              zu11eg              *        any
amd              zu15eg              *        any
amd              zu17eg              *        any
amd              zu19eg              *        any
amd              zu1cg               *        any
amd              zu1eg               *        any
amd              zu21dr              *        any
amd              zu25dr              *        any
amd              zu27dr              *        any
amd              zu28dr              *        any
amd              zu29dr              *        any
amd              zu2cg               *        any
amd              zu2eg               *        any
amd              zu39dr              *        any
amd              zu3cg               *        any
amd              zu3eg               *        any
amd              zu3tcg              *        any
amd              zu3teg              *        any
amd              zu42dr              *        any
amd              zu43dr              *        any
amd              zu46dr              *        any
amd              zu47dr              *        any
amd              zu48dr              *        any
amd              zu49dr              *        any
amd              zu4cg               *        any
amd              zu4eg               *        any
amd              zu4ev               *        any
amd              zu5cg               *        any
amd              zu5eg               *        any
amd              zu5ev               *        any
amd              zu63dr              *        any
amd              zu64dr              *        any
amd              zu65dr              *        any
amd              zu67dr              *        any
amd              zu6cg               *        any
amd              zu6eg               *        any
amd              zu7cg               *        any
amd              zu7eg               *        any
amd              zu7ev               *        any
amd              zu9cg               *        any
amd              zu9eg               *        any

References 1

  • amd.com https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8002
    Broken Link

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.