CVE-2023-31356

Опубликовано: 13 авг. 2024

Источник: redhat

CVSS3: 4.4

EPSS Низкий

Описание

Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.

A flaw was found in hw in the SNP-SEV firmware. This flaw could allow a privileged attacker to corrupt a guest's private memory, potentially resulting in the loss of data integrity of the guest.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	linux-firmware	Not affected
Red Hat Enterprise Linux 7	linux-frmware	Not affected
Red Hat Enterprise Linux 8	linux-firmware	Fixed	RHSA-2024:7481	02.10.2024
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	linux-firmware	Fixed	RHSA-2024:7418	01.10.2024
Red Hat Enterprise Linux 8.6 Telecommunications Update Service	linux-firmware	Fixed	RHSA-2024:7418	01.10.2024
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	linux-firmware	Fixed	RHSA-2024:7418	01.10.2024
Red Hat Enterprise Linux 8.8 Extended Update Support	linux-firmware	Fixed	RHSA-2024:7482	02.10.2024
Red Hat Enterprise Linux 9	linux-firmware	Fixed	RHSA-2024:7484	02.10.2024
Red Hat Enterprise Linux 9.2 Extended Update Support	linux-firmware	Fixed	RHSA-2024:7483	02.10.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=2304593kernel: hw:amd: Incomplete system memory cleanup in SEV firmware corrupt guest private memory

EPSS

Процентиль: 13%

0.00044

Низкий

4.4 Medium

CVSS3

Связанные уязвимости

CVE-2023-31356

CVSS3: 4.4

ubuntu

10 месяцев назад

Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.

CVE-2023-31356

CVSS3: 4.4

nvd

10 месяцев назад

Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.

CVE-2023-31356

CVSS3: 4.4

debian

10 месяцев назад

Incomplete system memory cleanup in SEV firmware could allow a privile ...

GHSA-3w7r-v4fr-r43w

CVSS3: 4.4

github

10 месяцев назад

Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.

ELSA-2024-12797

oracle-oval

8 месяцев назад

ELSA-2024-12797: linux-firmware security update (MODERATE)

EPSS

Процентиль: 13%

0.00044

Низкий

4.4 Medium

CVSS3