CVE-2023-31315

Published: August 13, 2024Last modified: June 6, 2025

Description

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

Severity score breakdown

Status

References

• https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Enrique%20Nissim%20Krzysztof%20Okupski%20-%20AMD%20Sinkclose%20Universal%20Ring-2%20Privilege%20Escalation.pdf
• https://news.ycombinator.com/item?id=41475975
• https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html
• https://www.darkreading.com/remote-workforce/amd-issues-updates-for-silicon-level-sinkclose-flaw