Base Score

MEDIUM4.4

CVE-2023-31356

Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.

VectorLOCAL

Published Bypsirt@amd.com

Published DateAug 13, 2024, 17:15

Weakness Type (CWE):CWE-459

CVSS Metrics

Base Score

4.4

Vector String

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

HIGH

Availability (A)

NONE

References

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html

Base Score

MEDIUM4.4

Weakness Type (CWE):CWE-459

CVSS Metrics

Base Score

4.4

Vector String

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

HIGH

Availability (A)

NONE