CVE-2023-31347 in 3rd Gen EPYC Processors
Summary
by MITRE • 02/13/2024
Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 08/24/2025
The vulnerability identified as CVE-2023-31347 resides within the Secure_TSC implementation of AMD's Secure Encrypted Virtualization (SEV) firmware, representing a critical flaw in the virtualization security infrastructure that could compromise guest system integrity. This issue manifests when Secure TSC functionality is enabled, creating a scenario where an attacker with elevated privileges can manipulate the Time Stamp Counter values observed by guest operating systems. The vulnerability specifically targets the synchronization mechanisms between the hypervisor and guest environments, undermining the fundamental security assumptions that govern virtualized computing environments.
The technical flaw stems from a code bug within the Secure_TSC module that fails to properly validate or enforce TSC value consistency across the virtualized execution environment. When Secure TSC is enabled, the firmware should maintain accurate time measurements that are consistent between the host and guest systems, but this validation mechanism contains a critical oversight that allows privilege-escalated attackers to observe incorrect TSC values. This discrepancy creates opportunities for timing-based attacks and can potentially be exploited to infer sensitive information about the underlying system state or to bypass security controls that rely on accurate time measurements. The vulnerability operates at the intersection of hardware virtualization security and firmware-level integrity controls, making it particularly dangerous in cloud computing and multi-tenant environments where guest isolation is paramount.
The operational impact of CVE-2023-31347 extends beyond simple time measurement inaccuracies, as incorrect TSC values can compromise the integrity of cryptographic operations, timing-based security mechanisms, and the overall trust model of the virtualized environment. Attackers could potentially exploit this vulnerability to perform cache timing attacks, side-channel analysis, or to manipulate security-sensitive applications that depend on precise timing measurements. The vulnerability particularly affects systems utilizing AMD SEV technology, where guest systems are expected to maintain integrity and confidentiality through hardware-enforced isolation mechanisms. This flaw undermines the fundamental security assurances provided by SEV, potentially allowing attackers to gain unauthorized insights into other guest VMs or the underlying host system, and could enable privilege escalation attacks that compromise the entire virtualization infrastructure.
Mitigation strategies for CVE-2023-31347 require immediate firmware updates from AMD to address the underlying code bug in the Secure_TSC implementation, alongside operational measures such as disabling Secure TSC functionality until patches are deployed. Organizations should also implement monitoring solutions to detect anomalous TSC behavior that might indicate exploitation attempts, and consider alternative virtualization security mechanisms that do not rely on the vulnerable Secure_TSC functionality. The vulnerability aligns with CWE-248, which addresses "Uncaught Exception" conditions in software systems, and represents a specific instance of improper exception handling in security-critical firmware components. From an ATT&CK framework perspective, this vulnerability maps to techniques involving privilege escalation and information gathering, potentially enabling adversaries to establish persistent access or conduct advanced persistent threat operations within virtualized environments. System administrators should prioritize patch management for affected AMD SEV implementations and conduct thorough security assessments to ensure that virtualization environments maintain their integrity guarantees.