CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
Issue Overview:
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. (CVE-2023-31315)
Affected Packages:
linux-firmware
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update linux-firmware to update your system.
New Packages:
noarch:
linux-firmware-20200421-82.git78c0348.amzn2.noarch
iwl100-firmware-39.31.5.1-82.amzn2.noarch
iwl105-firmware-18.168.6.1-82.amzn2.noarch
iwl135-firmware-18.168.6.1-82.amzn2.noarch
iwl1000-firmware-39.31.5.1-82.amzn2.noarch
iwl2000-firmware-18.168.6.1-82.amzn2.noarch
iwl2030-firmware-18.168.6.1-82.amzn2.noarch
iwl3160-firmware-25.30.13.0-82.amzn2.noarch
iwl3945-firmware-15.32.2.9-82.amzn2.noarch
iwl4965-firmware-228.61.2.24-82.amzn2.noarch
iwl5000-firmware-8.83.5.1_1-82.amzn2.noarch
iwl5150-firmware-8.24.2.2-82.amzn2.noarch
iwl6000-firmware-9.221.4.1-82.amzn2.noarch
iwl6000g2a-firmware-18.168.6.1-82.amzn2.noarch
iwl6000g2b-firmware-18.168.6.1-82.amzn2.noarch
iwl6050-firmware-41.28.5.1-82.amzn2.noarch
iwl7260-firmware-25.30.13.0-82.amzn2.noarch
src:
linux-firmware-20200421-82.git78c0348.amzn2.src
Red Hat: CVE-2023-31315
Mitre: CVE-2023-31315