CVE-2023-31339 - Vulnerability Details

Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00097.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

AMD

Zynq™ UltraScale+™ MPSoC/RFSoC

affected

Version	Status	Constraints
`0`	affected	< 2023.2

Configuration 1 [-]

AND

OR	cpe:2.3:o:amd:trusted_firmware-a::::::::
	cpe:2.3:o:arm:trusted_firmware-a::::::::

OR	cpe:2.3:h:amd:zu11eg:-:::::::*
	cpe:2.3:h:amd:zu15eg:-:::::::*
	cpe:2.3:h:amd:zu17eg:-:::::::*
	cpe:2.3:h:amd:zu19eg:-:::::::*
	cpe:2.3:h:amd:zu1cg:-:::::::*
	cpe:2.3:h:amd:zu1eg:-:::::::*
	cpe:2.3:h:amd:zu21dr:-:::::::*
	cpe:2.3:h:amd:zu25dr:-:::::::*
	cpe:2.3:h:amd:zu27dr:-:::::::*
	cpe:2.3:h:amd:zu28dr:-:::::::*
	cpe:2.3:h:amd:zu29dr:-:::::::*
	cpe:2.3:h:amd:zu2cg:-:::::::*
	cpe:2.3:h:amd:zu2eg:-:::::::*
	cpe:2.3:h:amd:zu39dr:-:::::::*
	cpe:2.3:h:amd:zu3cg:-:::::::*
	cpe:2.3:h:amd:zu3eg:-:::::::*
	cpe:2.3:h:amd:zu3tcg:-:::::::*
	cpe:2.3:h:amd:zu3teg:-:::::::*
	cpe:2.3:h:amd:zu42dr:-:::::::*
	cpe:2.3:h:amd:zu43dr:-:::::::*
	cpe:2.3:h:amd:zu46dr:-:::::::*
	cpe:2.3:h:amd:zu47dr:-:::::::*
	cpe:2.3:h:amd:zu48dr:-:::::::*
	cpe:2.3:h:amd:zu49dr:-:::::::*
	cpe:2.3:h:amd:zu4cg:-:::::::*
	cpe:2.3:h:amd:zu4eg:-:::::::*
	cpe:2.3:h:amd:zu4ev:-:::::::*
	cpe:2.3:h:amd:zu5cg:-:::::::*
	cpe:2.3:h:amd:zu5eg:-:::::::*
	cpe:2.3:h:amd:zu5ev:-:::::::*
	cpe:2.3:h:amd:zu63dr:-:::::::*
	cpe:2.3:h:amd:zu64dr:-:::::::*
	cpe:2.3:h:amd:zu65dr:-:::::::*
	cpe:2.3:h:amd:zu67dr:-:::::::*
	cpe:2.3:h:amd:zu6cg:-:::::::*
	cpe:2.3:h:amd:zu6eg:-:::::::*
	cpe:2.3:h:amd:zu7cg:-:::::::*
	cpe:2.3:h:amd:zu7eg:-:::::::*
	cpe:2.3:h:amd:zu7ev:-:::::::*
	cpe:2.3:h:amd:zu9cg:-:::::::*
	cpe:2.3:h:amd:zu9eg:-:::::::*

No data.

Project Subscriptions

Vendors	Products
Amd Subscribe	Trusted Firmware-a Subscribe Zu11eg Subscribe Zu15eg Subscribe Zu17eg Subscribe Zu19eg Subscribe Zu1cg Subscribe Zu1eg Subscribe Zu21dr Subscribe Zu25dr Subscribe Zu27dr Subscribe Zu28dr Subscribe Zu29dr Subscribe Zu2cg Subscribe Zu2eg Subscribe Zu39dr Subscribe Zu3cg Subscribe Zu3eg Subscribe Zu3tcg Subscribe Zu3teg Subscribe Zu42dr Subscribe Zu43dr Subscribe Zu46dr Subscribe Zu47dr Subscribe Zu48dr Subscribe Zu49dr Subscribe Zu4cg Subscribe Zu4eg Subscribe Zu4ev Subscribe Zu5cg Subscribe Zu5eg Subscribe Zu5ev Subscribe Zu63dr Subscribe Zu64dr Subscribe Zu65dr Subscribe Zu67dr Subscribe Zu6cg Subscribe Zu6eg Subscribe Zu7cg Subscribe Zu7eg Subscribe Zu7ev Subscribe Zu9cg Subscribe Zu9eg Subscribe
Arm Subscribe	Trusted Firmware-a Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2023-35650	Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8002

History

Wed, 27 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Amd Amd trusted Firmware-a Amd zu11eg Amd zu15eg Amd zu17eg Amd zu19eg Amd zu1cg Amd zu1eg Amd zu21dr Amd zu25dr Amd zu27dr Amd zu28dr Amd zu29dr Amd zu2cg Amd zu2eg Amd zu39dr Amd zu3cg Amd zu3eg Amd zu3tcg Amd zu3teg Amd zu42dr Amd zu43dr Amd zu46dr Amd zu47dr Amd zu48dr Amd zu49dr Amd zu4cg Amd zu4eg Amd zu4ev Amd zu5cg Amd zu5eg Amd zu5ev Amd zu63dr Amd zu64dr Amd zu65dr Amd zu67dr Amd zu6cg Amd zu6eg Amd zu7cg Amd zu7eg Amd zu7ev Amd zu9cg Amd zu9eg Arm Arm trusted Firmware-a
Weaknesses		CWE-125
CPEs		cpe:2.3:h:amd:zu11eg:-:::::::* cpe:2.3:h:amd:zu15eg:-:::::::* cpe:2.3:h:amd:zu17eg:-:::::::* cpe:2.3:h:amd:zu19eg:-:::::::* cpe:2.3:h:amd:zu1cg:-:::::::* cpe:2.3:h:amd:zu1eg:-:::::::* cpe:2.3:h:amd:zu21dr:-:::::::* cpe:2.3:h:amd:zu25dr:-:::::::* cpe:2.3:h:amd:zu27dr:-:::::::* cpe:2.3:h:amd:zu28dr:-:::::::* cpe:2.3:h:amd:zu29dr:-:::::::* cpe:2.3:h:amd:zu2cg:-:::::::* cpe:2.3:h:amd:zu2eg:-:::::::* cpe:2.3:h:amd:zu39dr:-:::::::* cpe:2.3:h:amd:zu3cg:-:::::::* cpe:2.3:h:amd:zu3eg:-:::::::* cpe:2.3:h:amd:zu3tcg:-:::::::* cpe:2.3:h:amd:zu3teg:-:::::::* cpe:2.3:h:amd:zu42dr:-:::::::* cpe:2.3:h:amd:zu43dr:-:::::::* cpe:2.3:h:amd:zu46dr:-:::::::* cpe:2.3:h:amd:zu47dr:-:::::::* cpe:2.3:h:amd:zu48dr:-:::::::* cpe:2.3:h:amd:zu49dr:-:::::::* cpe:2.3:h:amd:zu4cg:-:::::::* cpe:2.3:h:amd:zu4eg:-:::::::* cpe:2.3:h:amd:zu4ev:-:::::::* cpe:2.3:h:amd:zu5cg:-:::::::* cpe:2.3:h:amd:zu5eg:-:::::::* cpe:2.3:h:amd:zu5ev:-:::::::* cpe:2.3:h:amd:zu63dr:-:::::::* cpe:2.3:h:amd:zu64dr:-:::::::* cpe:2.3:h:amd:zu65dr:-:::::::* cpe:2.3:h:amd:zu67dr:-:::::::* cpe:2.3:h:amd:zu6cg:-:::::::* cpe:2.3:h:amd:zu6eg:-:::::::* cpe:2.3:h:amd:zu7cg:-:::::::* cpe:2.3:h:amd:zu7eg:-:::::::* cpe:2.3:h:amd:zu7ev:-:::::::* cpe:2.3:h:amd:zu9cg:-:::::::* cpe:2.3:h:amd:zu9eg:-:::::::* cpe:2.3:o:amd:trusted_firmware-a:::::::: cpe:2.3:o:arm:trusted_firmware-a::::::::
Vendors & Products		Amd Amd trusted Firmware-a Amd zu11eg Amd zu15eg Amd zu17eg Amd zu19eg Amd zu1cg Amd zu1eg Amd zu21dr Amd zu25dr Amd zu27dr Amd zu28dr Amd zu29dr Amd zu2cg Amd zu2eg Amd zu39dr Amd zu3cg Amd zu3eg Amd zu3tcg Amd zu3teg Amd zu42dr Amd zu43dr Amd zu46dr Amd zu47dr Amd zu48dr Amd zu49dr Amd zu4cg Amd zu4eg Amd zu4ev Amd zu5cg Amd zu5eg Amd zu5ev Amd zu63dr Amd zu64dr Amd zu65dr Amd zu67dr Amd zu6cg Amd zu6eg Amd zu7cg Amd zu7eg Amd zu7ev Amd zu9cg Amd zu9eg Arm Arm trusted Firmware-a

Thu, 15 Aug 2024 16:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 13 Aug 2024 17:15:00 +0000

Type	Values Removed	Values Added
Description		Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.
Weaknesses		CWE-20
References		https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8002
Metrics		cvssV3_1 `{'score': 4.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2024-08-13T16:56:22.024Z

Updated: 2024-08-15T15:18:21.699Z

Reserved: 2023-04-27T15:25:41.425Z

Link: CVE-2023-31339

Vulnrichment

Updated: 2024-08-15T15:18:09.148Z

NVD

Status : Analyzed

Published: 2024-08-13T17:15:20.870

Modified: 2024-11-27T15:55:02.843

Link: CVE-2023-31339

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object