Cyber Resilience

CVE-2023-31342

High

Published: 11 February 2025

Published
11 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0004 13.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-31342 is a high-severity Insufficient Granularity of Access Control (CWE-1220) vulnerability in Amd (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 13.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2023-31342 involves improper input validation in the SMM handler, which may allow a privileged attacker to overwrite SMRAM and potentially achieve arbitrary code execution. This vulnerability, associated with CWE-1220, affects AMD systems and was published on 2025-02-11 with a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

A local attacker with high privileges can exploit this issue through a high-complexity attack that requires no user interaction. Exploitation enables overwriting of SMRAM, leading to arbitrary code execution with high impacts on confidentiality, integrity, and availability, along with a change in scope.

AMD has addressed this vulnerability in Security Bulletins SB-3009, SB-4008, and SB-5004, which provide details on mitigations and patches.

EU & UK References

Vulnerability details

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1542.001 System Firmware Stealth
Adversaries may modify system firmware to persist on systems.
T1542.003 Bootkit Stealth
Adversaries may use bootkits to persist on systems.
Why these techniques?

SMM handler input validation flaw directly enables local privileged arbitrary code execution at ring -2, facilitating firmware-level privilege escalation and bootkit-style persistence via SMRAM overwrite.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2023-31343Shared CWE-1220
CVE-2026-33825Shared CWE-1220
CVE-2024-53295Shared CWE-1220
CVE-2026-6356Shared CWE-1220
CVE-2026-35436Shared CWE-1220
CVE-2026-6388Shared CWE-1220
CVE-2025-7493Shared CWE-1220
CVE-2026-40365Shared CWE-1220
CVE-2024-13256Shared CWE-1220
CVE-2025-20111Shared CWE-1220

Affected Assets

Amd
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the improper input validation in the SMM handler that enables SMRAM overwrite by enforcing validation at interfaces.

prevent

Ensures timely remediation of the specific flaw in the SMM handler via AMD patches, preventing exploitation.

prevent

Protects SMRAM from unauthorized access and modification by implementing memory safeguards against privileged attacker overwrites.

References