Lucene search

Redhat.comRH:CVE-2023-31356

HistoryAug 15, 2024 - 5:18 p.m.

CVE-2023-31356

2024-08-1517:18:48

redhat.com

access.redhat.com

sev firmware

memory cleanup

attacker

data integrity

cve-2023-31356

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

6.8

Confidence

Low

JSON

Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.

References

bugzilla.redhat.com/show_bug.cgi?id=2304593

nvd.nist.gov/vuln/detail/CVE-2023-31356

www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html

www.cve.org/CVERecord?id=CVE-2023-31356

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

6.8

Confidence

Low

JSON

Related for RH:CVE-2023-31356