CVE-2023-31347

Description

Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Affected products

AMD / 3rd Gen AMD EPYC™ Processorsvarious – various
AMD / 4th Gen AMD EPYC™ Processorsvarious – various

References

MISChttps://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007