CVE-2023-31315

Publication date 12 August 2024

Last updated 21 October 2024


Ubuntu priority

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

From the Ubuntu Security Team

Enrique Nissim and Krzysztof Okupski discovered that some AMD processors did not properly restrict access to the System Management Mode (SMM) configuration when the SMM Lock was enabled. A privileged local attacker could possibly use this issue to further escalate their privileges and execute arbitrary code within the processor's firmware layer.

Read the notes from the security team

Status

Package Ubuntu Release Status
amd64-microcode 24.10 oracular
Fixed 3.20240116.2+nmu1ubuntu1.1
24.04 LTS noble
Fixed 3.20231019.1ubuntu2.1
22.04 LTS jammy
Fixed 3.20191218.1ubuntu2.3
20.04 LTS focal
Fixed 3.20191218.1ubuntu1.3
18.04 LTS bionic
Fixed 3.20191021.1+really3.20181128.1~ubuntu0.18.04.1+esm3
16.04 LTS xenial
Fixed 3.20191021.1+really3.20180524.1~ubuntu0.16.04.2+esm3
14.04 LTS trusty Ignored processor not supported during LTS

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro

Notes


alexmurray

The affected processors were only released after the LTS period for Ubuntu 14.04 finished so there should be no affected machines running Ubuntu 14.04 hence this will not be patched in that release.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
amd64-microcode