Updated: 2025-08-19 15:46:27.742272
Description:
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | linux-firmware | 20230310 | 7.5 | HIGH | Released | CLSA-2024:1729015920 | 2024-10-15 14:34:25 | Not affected. CVE-2023-31315 is an AMD processor vulnerability in SMM MSR validation and is exploita... |
| AlmaLinux 9.2 ESU | microcode_ctl | 20220809 | 7.5 | HIGH | Not Vulnerable | 2024-11-04 10:23:27 | Not affected. CVE-2023-31315 is an AMD processor vulnerability in SMM MSR validation and is exploita... | |
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.5 | HIGH | Not Vulnerable | 2025-09-11 21:57:23 | Not affected. CVE-2023-31315 is an AMD processor vulnerability in SMM MSR validation and is exploita... | |
| CentOS 6 ELS | linux-firmware | 20171128-56 | 7.5 | HIGH | Not Vulnerable | 2024-08-15 14:27:14 | Not vulnerable: CVE-2023-31315 is an SMM/MSR validation flaw in CPU microcode and is addressed via p... | |
| CentOS 6 ELS | microcode_ctl | 1.17-33.29 | 7.5 | HIGH | Released | CLSA-2024:1728582568 | 2024-10-25 01:13:33 | Not vulnerable: CVE-2023-31315 is an SMM/MSR validation flaw in CPU microcode and is addressed via p... |
| CentOS 7 ELS | kernel | 3.10.0 | 7.5 | HIGH | Not Vulnerable | 2025-10-31 11:50:14 | Not vulnerable: CVE-2023-31315 is an AMD processor microcode/SMM flaw (“SinkClose”) remediated v... | |
| CentOS 7 ELS | linux-firmware | 20200421-80 | 7.5 | HIGH | Released | CLSA-2024:1727288321 | 2024-10-07 10:57:43 | Not vulnerable: CVE-2023-31315 is an AMD processor microcode/SMM flaw (“SinkClose”) remediated v... |
| CentOS 7 ELS | microcode_ctl | 2.1 | 7.5 | HIGH | Not Vulnerable | 2025-11-17 14:53:27 | Not vulnerable: CVE-2023-31315 is an AMD processor microcode/SMM flaw (“SinkClose”) remediated v... | |
| CentOS 8.4 ELS | microcode_ctl | 20210216-1 | 7.5 | HIGH | Not Vulnerable | 2024-10-11 10:45:00 | Not affected: CVE-2023-31315 is an AMD CPU firmware vulnerability (SMM/SMI‑lock MSR handling) addr... | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.5 | HIGH | Not Vulnerable | 2024-10-31 05:29:34 | Not affected: CVE-2023-31315 is an AMD CPU firmware vulnerability (SMM/SMI‑lock MSR handling) addr... |