CVE-2023-31307

MEDIUM EPSS 4.9%

Published Aug 13, 20241y ago · Modified Jun 17, 20261w ago

4.4 CVSS 3.1

Medium

Published Aug 13, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service.

CVSS Details

Base Score

4.4

Exploitability

0.8

Impact

3.6

Vector string

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality None

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

4.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-129

Affected Products 33

Vendor	Product	Version	Range
amd	radeon_software	*	<23.12.1
amd	radeon_rx_6300m	*	any
amd	radeon_rx_6400	*	any
amd	radeon_rx_6450m	*	any
amd	radeon_rx_6500_xt	*	any
amd	radeon_rx_6500m	*	any
amd	radeon_rx_6550m	*	any
amd	radeon_rx_6550s	*	any
amd	radeon_rx_6600	*	any
amd	radeon_rx_6600_xt	*	any
amd	radeon_rx_6600m	*	any
amd	radeon_rx_6600s	*	any
amd	radeon_rx_6650_xt	*	any
amd	radeon_rx_6650m	*	any
amd	radeon_rx_6650m_xt	*	any
amd	radeon_rx_6700	*	any
amd	radeon_rx_6700_xt	*	any
amd	radeon_rx_6700m	*	any
amd	radeon_rx_6700s	*	any
amd	radeon_rx_6750_gre	*	any
amd	radeon_rx_6750_xt	*	any
amd	radeon_rx_6800	*	any
amd	radeon_rx_6800_xt	*	any
amd	radeon_rx_6800m	*	any
amd	radeon_rx_6800s	*	any
amd	radeon_rx_6850m_xt	*	any
amd	radeon_rx_6900_xt	*	any
amd	radeon_rx_6950_xt	*	any
amd	radeon_software	*	≤23.q4
amd	radeon_pro_w6300	*	any
amd	radeon_pro_w6400	*	any
amd	radeon_pro_w6600	*	any
amd	radeon_pro_w6800	*	any

References 1

amd.com https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.