Vulnerability Description
Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amd | Epyc 7773X Firmware | < milanpi_1.0.0.c |
| Amd | Epyc 7773X | - |
| Amd | Epyc 7763 Firmware | < milanpi_1.0.0.c |
| Amd | Epyc 7763 | - |
| Amd | Epyc 7713 Firmware | < milanpi_1.0.0.c |
| Amd | Epyc 7713 | - |
| Amd | Epyc 7713P Firmware | - |
| Amd | Epyc 7713P | - |
| Amd | Epyc 7663 Firmware | < milanpi_1.0.0.c |
| Amd | Epyc 7663 | - |
| Amd | Epyc 7663P Firmware | < milanpi_1.0.0.c |
| Amd | Epyc 7663P | - |
| Amd | Epyc 7643 Firmware | < milanpi_1.0.0.c |
| Amd | Epyc 7643 | - |
| Amd | Epyc 7643P Firmware | < milanpi_1.0.0.c |
| Amd | Epyc 7643P | - |
| Amd | Epyc 7573X Firmware | < milanpi_1.0.0.c |
| Amd | Epyc 7573X | - |
| Amd | Epyc 75F3 Firmware | < milanpi_1.0.0.c |
| Amd | Epyc 75F3 | - |
Related Weaknesses (CWE)
References
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007Broken Link
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007Broken Link
FAQ
What is CVE-2023-31347?
CVE-2023-31347 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of gues...
How severe is CVE-2023-31347?
CVE-2023-31347 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-31347?
Check the references section above for vendor advisories and patch information. Affected products include: Amd Epyc 7773X Firmware, Amd Epyc 7773X, Amd Epyc 7763 Firmware, Amd Epyc 7763, Amd Epyc 7713 Firmware.