CVE-2023-31339
MEDIUM EPSS 5.4%
Published Aug 13, 20241y ago · Modified Jun 17, 20262w ago
5.8 CVSS 3.1
Published Aug 13, 2024 1y ago
Last Modified Jun 17, 2026 2w ago
Description
Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required High
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
5.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 2
CWE-125 Out-of-bounds Read Memory Safety
CWE-20 Improper Input Validation Validation
Affected Products 43
| Vendor | Product | Version | Range |
|---|---|---|---|
| amd | trusted_firmware-a | * | <2023.2 |
| trustedfirmware | trusted_firmware-a | * | <2.10.1 |
| amd | zu11eg | * | any |
| amd | zu15eg | * | any |
| amd | zu17eg | * | any |
| amd | zu19eg | * | any |
| amd | zu1cg | * | any |
| amd | zu1eg | * | any |
| amd | zu21dr | * | any |
| amd | zu25dr | * | any |
| amd | zu27dr | * | any |
| amd | zu28dr | * | any |
| amd | zu29dr | * | any |
| amd | zu2cg | * | any |
| amd | zu2eg | * | any |
| amd | zu39dr | * | any |
| amd | zu3cg | * | any |
| amd | zu3eg | * | any |
| amd | zu3tcg | * | any |
| amd | zu3teg | * | any |
| amd | zu42dr | * | any |
| amd | zu43dr | * | any |
| amd | zu46dr | * | any |
| amd | zu47dr | * | any |
| amd | zu48dr | * | any |
| amd | zu49dr | * | any |
| amd | zu4cg | * | any |
| amd | zu4eg | * | any |
| amd | zu4ev | * | any |
| amd | zu5cg | * | any |
| amd | zu5eg | * | any |
| amd | zu5ev | * | any |
| amd | zu63dr | * | any |
| amd | zu64dr | * | any |
| amd | zu65dr | * | any |
| amd | zu67dr | * | any |
| amd | zu6cg | * | any |
| amd | zu6eg | * | any |
| amd | zu7cg | * | any |
| amd | zu7eg | * | any |
| amd | zu7ev | * | any |
| amd | zu9cg | * | any |
| amd | zu9eg | * | any |
References 1
- amd.com https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8002
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.