Bug 1219902 (CVE-2023-31346)

Summary: VUL-0: CVE-2023-31346: kernel-firmware: Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: thomas.leroy
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/393993/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-31346:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-02-14 08:24:16 UTC 
Failure to initialize
memory in SEV Firmware may allow a privileged attacker to access stale data
from other guests.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31346
https://www.cve.org/CVERecord?id=CVE-2023-31346
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007
Comment 1 Takashi Iwai 2024-02-20 16:34:02 UTC 
Judging from bsc#1219903 info, it seems about BIOS firmware.
Reassigned back to security team.
Comment 2 Thomas Leroy 2024-02-20 16:48:06 UTC 
Thanks Takashi. Closing