CVE-2023-31315

Publication date 12 August 2024

Last updated 12 August 2024

Ubuntu priority

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
amd64-microcode	24.04 LTS noble	Vulnerable
	22.04 LTS jammy	Vulnerable
	20.04 LTS focal	Vulnerable
	18.04 LTS bionic	Vulnerable
	16.04 LTS xenial	Vulnerable
	14.04 LTS trusty	Vulnerable

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
amd64-microcode	Upstream: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit?id=091bd5adf19c7ab01214c64689952acb4833b21d

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2023-31315
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit?id=091bd5adf19c7ab01214c64689952acb4833b21d