CVE-2023-31315

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Aug 12, 2024
Updated: Aug 27, 2024
CWE ID 94

Summary

CVE-2023-31315 is a newly disclosed vulnerability that affects the secure boot process of certain systems. The issue stems from an improper validation mechanism in a model-specific register (MSR). A malicious program with ring0 access can manipulate this register while the System Management Interrupt (SMI) lock is engaged, permitting the attacker to alter the SMM configuration. This alteration may result in arbitrary code execution, posing a significant security risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share