CVE-2023-31339

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-31339
Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.

4.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.6 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8002 Broken Link
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:amd:trusted_firmware-a:*:*:*:*:*:*:*:*
cpe:2.3:o:arm:trusted_firmware-a:*:*:*:*:*:*:*:*
OR cpe:2.3:h:amd:zu11eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu15eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu17eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu19eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu1cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu1eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu21dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu25dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu27dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu28dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu29dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu2cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu2eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu39dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu3cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu3eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu3tcg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu3teg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu42dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu43dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu46dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu47dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu48dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu49dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu4cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu4eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu4ev:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu5cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu5eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu5ev:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu63dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu64dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu65dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu67dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu6cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu6eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu7cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu7eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu7ev:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu9cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu9eg:-:*:*:*:*:*:*:*
History

27 Nov 2024, 15:55

Type Values Removed Values Added
References () https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8002 - () https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8002 - Broken Link
CWE CWE-125
Summary
  • (es) Una validación de entrada incorrecta en el firmware de confianza ARM® utilizado en Zynq™ UltraScale+™) MPSoC/RFSoC de AMD puede permitir que un atacante privilegiado realice lecturas fuera de los límites, lo que podría provocar una fuga de datos y una denegación de servicio.
CPE cpe:2.3:h:amd:zu4ev:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu27dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu1cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu47dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu11eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu15eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu3eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu43dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu7eg:-:*:*:*:*:*:*:*
cpe:2.3:o:arm:trusted_firmware-a:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu19eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu48dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu2cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu4eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu65dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu39dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu64dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu9cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu21dr:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:trusted_firmware-a:*:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu6eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu1eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu7ev:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu17eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu28dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu3tcg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu5eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu9eg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu5ev:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu67dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu4cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu63dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu7cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu46dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu29dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu42dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu3teg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu5cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu49dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu6cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu3cg:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu25dr:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:zu2eg:-:*:*:*:*:*:*:*
First Time Amd
Amd zu27dr
Arm trusted Firmware-a
Amd zu4cg
Amd zu5eg
Amd zu9cg
Amd zu19eg
Amd zu5cg
Amd zu21dr
Arm
Amd zu43dr
Amd zu6cg
Amd zu7eg
Amd zu39dr
Amd zu46dr
Amd zu28dr
Amd zu3teg
Amd zu11eg
Amd zu3tcg
Amd zu64dr
Amd zu49dr
Amd zu48dr
Amd trusted Firmware-a
Amd zu4eg
Amd zu9eg
Amd zu4ev
Amd zu65dr
Amd zu5ev
Amd zu17eg
Amd zu47dr
Amd zu67dr
Amd zu3eg
Amd zu1cg
Amd zu3cg
Amd zu15eg
Amd zu6eg
Amd zu7cg
Amd zu1eg
Amd zu42dr
Amd zu29dr
Amd zu7ev
Amd zu25dr
Amd zu2eg
Amd zu2cg
Amd zu63dr

13 Aug 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-13 17:15

Updated : 2024-11-27 15:55

NVD link : CVE-2023-31339

Mitre link : CVE-2023-31339

CVE.ORG link : CVE-2023-31339

JSON object : View

Products Affected

amd

  • zu6cg
  • zu3teg
  • zu29dr
  • zu21dr
  • zu3eg
  • zu43dr
  • zu2cg
  • zu7eg
  • zu63dr
  • zu9eg
  • zu5ev
  • zu19eg
  • zu5cg
  • zu27dr
  • zu15eg
  • zu4cg
  • zu47dr
  • zu1eg
  • zu11eg
  • zu46dr
  • zu48dr
  • zu1cg
  • zu7ev
  • zu3tcg
  • zu39dr
  • trusted_firmware-a
  • zu28dr
  • zu2eg
  • zu4eg
  • zu65dr
  • zu3cg
  • zu5eg
  • zu64dr
  • zu4ev
  • zu6eg
  • zu9cg
  • zu25dr
  • zu67dr
  • zu49dr
  • zu42dr
  • zu7cg
  • zu17eg

arm

  • trusted_firmware-a
CWE
CWE-20

Improper Input Validation

CWE-125

Out-of-bounds Read