CVE-2023-31339: Input Validation
First published: Tue Aug 13 2024(Updated: )
Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.
Credit: psirt@amd.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Any of | ||
| ARM Trusted Firmware-A | <2023.2 | |
| ARM Trusted Firmware-A | <2.10.1 | |
| Any of | ||
| AMD ZU11EG | ||
| Amd Zu15eg | ||
| Amd Zu17eg Firmware | ||
| Amd Zu19eg Firmware | ||
| Amd Zu1cg Firmware | ||
| Amd Zu1eg | ||
| Amd Zu21dr | ||
| Amd Zu25dr Firmware | ||
| Amd Zu27dr Firmware | ||
| Amd Zu28dr Firmware | ||
| Amd Zu29dr Firmware | ||
| Amd Zu2cg Firmware | ||
| Amd Zu2eg | ||
| Amd Zu39dr Firmware | ||
| Amd Zu3cg | ||
| Amd Zu3eg | ||
| Amd Zu3tcg Firmware | ||
| Amd Zu3teg Firmware | ||
| Amd Zu42dr Firmware | ||
| Amd Zu43dr Firmware | ||
| Amd Zu46dr Firmware | ||
| Amd Zu47dr | ||
| Amd Zu48dr | ||
| Amd Zu49dr Firmware | ||
| Amd Zu4cg Firmware | ||
| Amd Zu4eg | ||
| Amd Zu4ev | ||
| Amd Zu5cg Firmware | ||
| Amd Zu5eg | ||
| Amd Zu5ev Firmware | ||
| Amd Zu63dr Firmware | ||
| Amd Zu64dr | ||
| Amd Zu65dr | ||
| Amd Zu67dr Firmware | ||
| Amd Zu6cg Firmware | ||
| Amd Zu6eg | ||
| Amd Zu7cg Firmware | ||
| Amd Zu7eg | ||
| Amd Zu7ev Firmware | ||
| Amd Zu9cg Firmware | ||
| Amd Zu9eg |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-31339?
CVE-2023-31339 is considered to have a medium severity due to potential data leakage and denial of service risks.
How do I fix CVE-2023-31339?
To fix CVE-2023-31339, you should update the ARM Trusted Firmware to a version higher than 2.10.1 or AMD Trusted Firmware-A to above 2023.2.
What types of attacks are possible due to CVE-2023-31339?
CVE-2023-31339 could allow a privileged attacker to perform out of bound reads leading to data exposure or denial of service.
Which devices are affected by CVE-2023-31339?
CVE-2023-31339 affects devices utilizing ARM Trusted Firmware in AMD's Zynq UltraScale+ MPSoC and RFSoC families.
Is there a patch available for CVE-2023-31339?
Yes, patches addressing CVE-2023-31339 are available in the updated versions of the ARM and AMD Trusted Firmware.
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/event
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/amd
- canonical/arm trusted firmware-a
- vendor/arm
- canonical/amd zu11eg
- canonical/amd zu15eg
- canonical/amd zu17eg firmware
- canonical/amd zu19eg firmware
- canonical/amd zu1cg firmware
- canonical/amd zu1eg
- canonical/amd zu21dr
- canonical/amd zu25dr firmware
- canonical/amd zu27dr firmware
- canonical/amd zu28dr firmware
- canonical/amd zu29dr firmware
- canonical/amd zu2cg firmware
- canonical/amd zu2eg
- canonical/amd zu39dr firmware
- canonical/amd zu3cg
- canonical/amd zu3eg
- canonical/amd zu3tcg firmware
- canonical/amd zu3teg firmware
- canonical/amd zu42dr firmware
- canonical/amd zu43dr firmware
- canonical/amd zu46dr firmware
- canonical/amd zu47dr
- canonical/amd zu48dr
- canonical/amd zu49dr firmware
- canonical/amd zu4cg firmware
- canonical/amd zu4eg
- canonical/amd zu4ev
- canonical/amd zu5cg firmware
- canonical/amd zu5eg
- canonical/amd zu5ev firmware
- canonical/amd zu63dr firmware
- canonical/amd zu64dr
- canonical/amd zu65dr
- canonical/amd zu67dr firmware
- canonical/amd zu6cg firmware
- canonical/amd zu6eg
- canonical/amd zu7cg firmware
- canonical/amd zu7eg
- canonical/amd zu7ev firmware
- canonical/amd zu9cg firmware
- canonical/amd zu9eg