Cyber Resilience

CVE-2023-31345

High

Published: 12 February 2025

Published
12 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0004 13.6th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-31345 is a high-severity Improper Access Control for Volatile Memory Containing Boot Code (CWE-1274) vulnerability in Amd (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique System Firmware (T1542.001); ranked at the 13.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2023-31345 involves improper input validation in the SMM handler, which may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. This vulnerability, associated with CWE-1274, affects AMD platforms, as documented in multiple AMD security bulletins.

Exploitation requires local access (AV:L), high attack complexity (AC:H), and high privileges (PR:H), with no user interaction (UI:N). A successful attack can achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) within a changed scope (S:C), yielding a CVSS v3.1 base score of 7.5.

AMD has published security bulletins, including AMD-SB-3009, AMD-SB-4008, and AMD-SB-5004, which detail mitigations and patches to address this issue. The vulnerability was published on 2025-02-12.

EU & UK References

Vulnerability details

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1542.001 System Firmware Stealth
Adversaries may modify system firmware to persist on systems.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Improper input validation in SMM handler enables SMRAM overwrite for arbitrary code execution at firmware level (T1542.001) and privilege escalation (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

Affected Assets

Amd
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the improper input validation in the SMM handler that enables SMRAM overwrite by enforcing validation of inputs at entry points.

prevent

Mitigates the specific flaw through identification, testing, and timely installation of AMD patches detailed in security bulletins like AMD-SB-3009.

preventdetect

Verifies integrity of firmware and SMRAM contents to detect and prevent arbitrary code execution from unauthorized overwrites.

References