CVE-2023-31345
Published: 12 February 2025
Summary
CVE-2023-31345 is a high-severity Improper Access Control for Volatile Memory Containing Boot Code (CWE-1274) vulnerability in Amd (inferred from references). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique System Firmware (T1542.001); ranked at the 13.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2023-31345 involves improper input validation in the SMM handler, which may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. This vulnerability, associated with CWE-1274, affects AMD platforms, as documented in multiple AMD security bulletins.
Exploitation requires local access (AV:L), high attack complexity (AC:H), and high privileges (PR:H), with no user interaction (UI:N). A successful attack can achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) within a changed scope (S:C), yielding a CVSS v3.1 base score of 7.5.
AMD has published security bulletins, including AMD-SB-3009, AMD-SB-4008, and AMD-SB-5004, which detail mitigations and patches to address this issue. The vulnerability was published on 2025-02-12.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-35656
Vulnerability details
Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper input validation in SMM handler enables SMRAM overwrite for arbitrary code execution at firmware level (T1542.001) and privilege escalation (T1068).
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly addresses the improper input validation in the SMM handler that enables SMRAM overwrite by enforcing validation of inputs at entry points.
Mitigates the specific flaw through identification, testing, and timely installation of AMD patches detailed in security bulletins like AMD-SB-3009.
Verifies integrity of firmware and SMRAM contents to detect and prevent arbitrary code execution from unauthorized overwrites.