CVE-2023-31360

High

Published: 11 February 2025

Published

11 February 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0004 11.9th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Incorrect default permissions in the AMD Integrated Management Technology (AIM-T) Manageability Service installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Security Summary

CVE-2023-31360 involves incorrect default permissions in the installation directory of the AMD Integrated Management Technology (AIM-T) Manageability Service. This vulnerability, classified under CWE-276, affects the AIM-T Manageability Service component on AMD systems and was published on 2025-02-11.

The vulnerability has a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). A local attacker with low privileges can exploit the improper permissions, requiring user interaction, to achieve privilege escalation and potentially execute arbitrary code with elevated privileges.

AMD Security Bulletin AMD-SB-9012 provides details on mitigation and patches: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9012.html.

Details

CWE(s): CWE-276

References

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9012.html
psirt@amd.com