CVE-2023-31339 : Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ Ultr

Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.

Published 2024-08-13 16:56:22

Updated 2024-11-27 15:55:03

Source Advanced Micro Devices Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2023-31339

AMD » Trusted Firmware-a
Versions before (<) 2023.2
cpe:2.3:o:amd:trusted_firmware-a:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Zu11eg » Version: N/A
When used together with: AMD » Zu15eg » Version: N/A
When used together with: AMD » Zu17eg » Version: N/A
When used together with: AMD » Zu19eg » Version: N/A
When used together with: AMD » Zu1cg » Version: N/A
When used together with: AMD » Zu1eg » Version: N/A
When used together with: AMD » Zu21dr » Version: N/A
When used together with: AMD » Zu25dr » Version: N/A
When used together with: AMD » Zu27dr » Version: N/A
When used together with: AMD » Zu28dr » Version: N/A
When used together with: AMD » Zu29dr » Version: N/A
When used together with: AMD » Zu2cg » Version: N/A
When used together with: AMD » Zu2eg » Version: N/A
When used together with: AMD » Zu39dr » Version: N/A
When used together with: AMD » Zu3cg » Version: N/A
When used together with: AMD » Zu3eg » Version: N/A
When used together with: AMD » Zu3tcg » Version: N/A
When used together with: AMD » Zu3teg » Version: N/A
When used together with: AMD » Zu42dr » Version: N/A
When used together with: AMD » Zu43dr » Version: N/A
When used together with: AMD » Zu46dr » Version: N/A
When used together with: AMD » Zu47dr » Version: N/A
When used together with: AMD » Zu48dr » Version: N/A
When used together with: AMD » Zu49dr » Version: N/A
When used together with: AMD » Zu4cg » Version: N/A
When used together with: AMD » Zu4eg » Version: N/A
When used together with: AMD » Zu4ev » Version: N/A
When used together with: AMD » Zu5cg » Version: N/A
When used together with: AMD » Zu5eg » Version: N/A
When used together with: AMD » Zu5ev » Version: N/A
When used together with: AMD » Zu63dr » Version: N/A
When used together with: AMD » Zu64dr » Version: N/A
When used together with: AMD » Zu65dr » Version: N/A
When used together with: AMD » Zu67dr » Version: N/A
When used together with: AMD » Zu6cg » Version: N/A
When used together with: AMD » Zu6eg » Version: N/A
When used together with: AMD » Zu7cg » Version: N/A
When used together with: AMD » Zu7eg » Version: N/A
When used together with: AMD » Zu7ev » Version: N/A
When used together with: AMD » Zu9cg » Version: N/A
When used together with: AMD » Zu9eg » Version: N/A
ARM » Trusted Firmware-a
Versions before (<) 2.10.1
cpe:2.3:o:arm:trusted_firmware-a:*:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Zu11eg » Version: N/A
When used together with: AMD » Zu15eg » Version: N/A
When used together with: AMD » Zu17eg » Version: N/A
When used together with: AMD » Zu19eg » Version: N/A
When used together with: AMD » Zu1cg » Version: N/A
When used together with: AMD » Zu1eg » Version: N/A
When used together with: AMD » Zu21dr » Version: N/A
When used together with: AMD » Zu25dr » Version: N/A
When used together with: AMD » Zu27dr » Version: N/A
When used together with: AMD » Zu28dr » Version: N/A
When used together with: AMD » Zu29dr » Version: N/A
When used together with: AMD » Zu2cg » Version: N/A
When used together with: AMD » Zu2eg » Version: N/A
When used together with: AMD » Zu39dr » Version: N/A
When used together with: AMD » Zu3cg » Version: N/A
When used together with: AMD » Zu3eg » Version: N/A
When used together with: AMD » Zu3tcg » Version: N/A
When used together with: AMD » Zu3teg » Version: N/A
When used together with: AMD » Zu42dr » Version: N/A
When used together with: AMD » Zu43dr » Version: N/A
When used together with: AMD » Zu46dr » Version: N/A
When used together with: AMD » Zu47dr » Version: N/A
When used together with: AMD » Zu48dr » Version: N/A
When used together with: AMD » Zu49dr » Version: N/A
When used together with: AMD » Zu4cg » Version: N/A
When used together with: AMD » Zu4eg » Version: N/A
When used together with: AMD » Zu4ev » Version: N/A
When used together with: AMD » Zu5cg » Version: N/A
When used together with: AMD » Zu5eg » Version: N/A
When used together with: AMD » Zu5ev » Version: N/A
When used together with: AMD » Zu63dr » Version: N/A
When used together with: AMD » Zu64dr » Version: N/A
When used together with: AMD » Zu65dr » Version: N/A
When used together with: AMD » Zu67dr » Version: N/A
When used together with: AMD » Zu6cg » Version: N/A
When used together with: AMD » Zu6eg » Version: N/A
When used together with: AMD » Zu7cg » Version: N/A
When used together with: AMD » Zu7eg » Version: N/A
When used together with: AMD » Zu7ev » Version: N/A
When used together with: AMD » Zu9cg » Version: N/A
When used together with: AMD » Zu9eg » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-31339

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 5 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-31339

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.8	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:H	N/A	N/A	Advanced Micro Devices Inc.	2024-08-13
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: None Availability: High
5.8	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H	0.6	5.2	NIST	2024-11-27
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: None Availability: High
4.8	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:H	0.6	4.2	Advanced Micro Devices Inc.	2024-08-13
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: None Availability: High

CWE ids for CVE-2023-31339

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Assigned by:
- b58fc414-a1e4-4f92-9d70-1add41838648 (Primary)
- psirt@amd.com (Secondary)
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-31339

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8002

Page not found | AMD
Broken Link

Jump to

Vulnerability Details : CVE-2023-31339

Products affected by CVE-2023-31339

Exploit prediction scoring system (EPSS) score for CVE-2023-31339

CVSS scores for CVE-2023-31339

CWE ids for CVE-2023-31339

References for CVE-2023-31339