CVE-2023-31339

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-31339
Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.

4.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.6 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8002 Broken Link
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:amd:trusted_firmware-a:*:*:*:*:*:*:*:*
cpe:2.3:o:arm:trusted_firmware-a:*:*:*:*:*:*:*:*
OR cpe:2.3:h:amd:zu11eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu15eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu17eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu19eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu1cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu1eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu21dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu25dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu27dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu28dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu29dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu2cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu2eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu39dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu3cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu3eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu3tcg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu3teg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu42dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu43dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu46dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu47dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu48dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu49dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu4cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu4eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu4ev:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu5cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu5eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu5ev:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu63dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu64dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu65dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu67dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu6cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu6eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu7cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu7eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu7ev:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu9cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu9eg:-:*:*:*:*:*:*:*
History

27 Nov 2024, 15:55

Type Values Removed Values Added
CPE cpe:2.3:h:amd:zu11eg:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:trusted_firmware-a:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu6eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu19eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu2eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu47dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu21dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu5ev:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu4ev:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu64dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu6cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu9eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu29dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu3cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu1eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu65dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu48dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu2cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu17eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu43dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu5cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu7eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu4eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu46dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu3eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu39dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu1cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu28dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu25dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu63dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu49dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu4cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu3teg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu42dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu7cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu7ev:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu9cg:-:*:*:*:*:*:*:*
cpe:2.3:o:arm:trusted_firmware-a:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu3tcg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu5eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu27dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu15eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu67dr:-:*:*:*:*:*:*:*
CWE CWE-125
Summary
  • (es) Una validación de entrada incorrecta en el firmware de confianza ARM® utilizado en Zynq™ UltraScale+™) MPSoC/RFSoC de AMD puede permitir que un atacante privilegiado realice lecturas fuera de los límites, lo que podría provocar una fuga de datos y una denegación de servicio.
First Time Amd zu3eg
Amd zu4eg
Amd zu21dr
Amd zu7ev
Amd zu9eg
Amd zu6eg
Amd zu28dr
Amd zu48dr
Amd zu1cg
Amd zu42dr
Amd trusted Firmware-a
Amd zu5ev
Amd zu2cg
Amd zu4ev
Amd zu7cg
Amd zu64dr
Amd zu4cg
Amd zu27dr
Arm trusted Firmware-a
Amd zu3cg
Amd
Amd zu5cg
Amd zu43dr
Amd zu2eg
Arm
Amd zu11eg
Amd zu9cg
Amd zu17eg
Amd zu1eg
Amd zu19eg
Amd zu3teg
Amd zu63dr
Amd zu15eg
Amd zu25dr
Amd zu6cg
Amd zu49dr
Amd zu67dr
Amd zu7eg
Amd zu46dr
Amd zu5eg
Amd zu47dr
Amd zu3tcg
Amd zu65dr
Amd zu39dr
Amd zu29dr
References () https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8002 - () https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8002 - Broken Link

13 Aug 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-13 17:15

Updated : 2024-11-27 15:55

NVD link : CVE-2023-31339

Mitre link : CVE-2023-31339

CVE.ORG link : CVE-2023-31339

JSON object : View

Products Affected

amd

  • zu67dr
  • zu4cg
  • zu9cg
  • zu28dr
  • zu42dr
  • zu43dr
  • zu48dr
  • zu65dr
  • zu17eg
  • zu2eg
  • trusted_firmware-a
  • zu2cg
  • zu6cg
  • zu4eg
  • zu5eg
  • zu15eg
  • zu3cg
  • zu47dr
  • zu46dr
  • zu7cg
  • zu7eg
  • zu11eg
  • zu1eg
  • zu27dr
  • zu49dr
  • zu19eg
  • zu29dr
  • zu39dr
  • zu4ev
  • zu25dr
  • zu63dr
  • zu64dr
  • zu5ev
  • zu6eg
  • zu3tcg
  • zu5cg
  • zu9eg
  • zu3eg
  • zu7ev
  • zu3teg
  • zu21dr
  • zu1cg

arm

  • trusted_firmware-a
CWE
CWE-20

Improper Input Validation

CWE-125

Out-of-bounds Read