CVE-2023-31355
CVSS 3.1 Score 6.0 of 10 (medium)
Details
Published Aug 5, 2024
Updated: Aug 6, 2024
CWE ID 119
Summary
CVE-2023-31355 is a vulnerability affecting SNP firmware that allows for improper restriction of write operations. This issue can enable a malicious hypervisor to overwrite a guest's UMC seed, potentially leading to the reading of memory from a decommissioned guest. This vulnerability could result in significant data exposure if exploited, making it a potential threat to organizations using SNP firmware. It is crucial that organizations apply the necessary patches to mitigate this risk and secure their systems against potential attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share