CVE-2023-31307

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-31307
Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service.

2.3 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:amd:radeon_software:*:*:*:*:adrenalin:*:*:*
OR cpe:2.3:h:amd:radeon_rx_6300m:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6400:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6450m:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6500_xt:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6500m:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6550m:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6550s:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6600:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6600_xt:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6600m:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6600s:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6650_xt:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6650m:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6650m_xt:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6700:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6700_xt:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6700m:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6700s:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6750_gre:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6750_xt:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6800:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6800_xt:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6800m:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6800s:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6850m_xt:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6900_xt:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_6950_xt:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:amd:radeon_software:*:*:*:*:pro:*:*:*
OR cpe:2.3:h:amd:radeon_pro_w6300:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_pro_w6400:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_pro_w6600:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_pro_w6800:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-08-13 17:15

Updated : 2024-12-13 16:30

NVD link : CVE-2023-31307

Mitre link : CVE-2023-31307

CVE.ORG link : CVE-2023-31307

JSON object : View

Products Affected

amd

  • radeon_pro_w6600
  • radeon_rx_6600s
  • radeon_rx_6800m
  • radeon_rx_6950_xt
  • radeon_rx_6600
  • radeon_rx_6650m_xt
  • radeon_rx_6450m
  • radeon_rx_6800s
  • radeon_rx_6700m
  • radeon_rx_6750_xt
  • radeon_rx_6300m
  • radeon_rx_6900_xt
  • radeon_pro_w6800
  • radeon_rx_6550s
  • radeon_rx_6650m
  • radeon_rx_6500_xt
  • radeon_rx_6800_xt
  • radeon_rx_6600m
  • radeon_rx_6800
  • radeon_rx_6700_xt
  • radeon_pro_w6300
  • radeon_rx_6550m
  • radeon_rx_6600_xt
  • radeon_rx_6750_gre
  • radeon_pro_w6400
  • radeon_rx_6650_xt
  • radeon_rx_6700
  • radeon_software
  • radeon_rx_6400
  • radeon_rx_6700s
  • radeon_rx_6500m
  • radeon_rx_6850m_xt
CWE
CWE-129

Improper Validation of Array Index