CVE-2023-31345

HIGH

Published Feb 12, 2025 Modified Apr 15, 2026 CWE-1274

Description

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

CVSS v3.1 Score

7.5

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Weakness Type (CWE)

CWE-1274 CWE-1274

References

Other References

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html

Frequently Asked Questions

What is CVE-2023-31345? +

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. It has a CVSS v3.1 base score of 7.5 (HIGH).

How severe is CVE-2023-31345? +

CVE-2023-31345 has a CVSS v3.1 score of 7.5 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

How do I check if I'm vulnerable to CVE-2023-31345? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-36345

Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform …

CVE-2025-59404 7.5

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot …

CVE-2025-4043 6.8

An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a …

CVE-2025-59694 6.8

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a …