Potential DMA Read Vulnerability in PMFW Could Lead to Data Integrity Loss
CVE-2023-20509
5.2MEDIUM
Summary
A flaw in AMD's PMFW involves inadequate validation of DRAM addresses, allowing a privileged attacker to execute a Direct Memory Access (DMA) read from addresses deemed invalid. This vulnerability poses a risk of data integrity loss by potentially exposing sensitive information, making it critical for users and organizations to assess their security measures and updates.
Affected Version(s)
AMD Radeon™ PRO W6000 Series Graphics Cards AMD Software: PRO Edition 23.Q4 (23.30.13.03)
AMD Radeon™ PRO W7000 Series Graphics Cards AMD Software: PRO Edition 23.Q4 (23.30.13.03)
AMD Radeon™ RX 6000 Series Graphics Cards AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)
References
CVSS V3.1
Score:
5.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database