Vulnerability Description
Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amd | Trusted Firmware-A | < 2023.2 |
| Arm | Trusted Firmware-A | < 2.10.1 |
| Amd | Zu11Eg | - |
| Amd | Zu15Eg | - |
| Amd | Zu17Eg | - |
| Amd | Zu19Eg | - |
| Amd | Zu1Cg | - |
| Amd | Zu1Eg | - |
| Amd | Zu21Dr | - |
| Amd | Zu25Dr | - |
| Amd | Zu27Dr | - |
| Amd | Zu28Dr | - |
| Amd | Zu29Dr | - |
| Amd | Zu2Cg | - |
| Amd | Zu2Eg | - |
| Amd | Zu39Dr | - |
| Amd | Zu3Cg | - |
| Amd | Zu3Eg | - |
| Amd | Zu3Tcg | - |
| Amd | Zu3Teg | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2023-31339?
CVE-2023-31339 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage an...
How severe is CVE-2023-31339?
CVE-2023-31339 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-31339?
Check the references section above for vendor advisories and patch information. Affected products include: Amd Trusted Firmware-A, Arm Trusted Firmware-A, Amd Zu11Eg, Amd Zu15Eg, Amd Zu17Eg.