CVE-2023-31339

Severity: medium
Published 2024-08-13 · Modified 2026-06-05
CVSS v3: 5.8 (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H)
CVSS v4: not yet in upstream
VIR risk: 5.8

Description

Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™ MPSoC/RFSoC may allow a privileged attacker to perform out-of-bounds reads, potentially resulting in data leakage and denial of service.

Predictions

Exploit likelihood: 58%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

Application impact

Vendor  Product                Versions                    Fixed
amd     amdzu11eg              -
amd     amdzu15eg              -
amd     amdzu17eg              -
amd     amdzu19eg              -
amd     amdzu1cg               -
amd     amdzu1eg               -
amd     amdzu21dr              -
amd     amdzu25dr              -
amd     amdzu27dr              -
amd     amdzu28dr              -
amd     amdzu29dr              -
amd     amdzu2cg               -
amd     amdzu2eg               -
amd     amdzu39dr              -
amd     amdzu3cg               -
amd     amdzu3eg               -
amd     amdzu3tcg              -
amd     amdzu3teg              -
amd     amdzu42dr              -
amd     amdzu43dr              -
amd     amdzu46dr              -
amd     amdzu47dr              -
amd     amdzu48dr              -
amd     amdzu49dr              -
amd     amdzu4cg               -
amd     amdzu4eg               -
amd     amdzu4ev               -
amd     amdzu5cg               -
amd     amdzu5eg               -
amd     amdzu5ev               -
amd     amdzu63dr              -
amd     amdzu64dr              -
amd     amdzu65dr              -
amd     amdzu67dr              -
amd     amdzu6cg               -
amd     amdzu6eg               -
amd     amdzu7cg               -
amd     amdzu7eg               -
amd     amdzu7ev               -
amd     amdzu9cg               -
amd     amdzu9eg               -
amd     amdtrusted_firmware-a  {"endExcluding":"2023.2"}   2023.2

References

CWEs

CWE-20 CWE-125
