Insufficient DRAM Address Validation May Lead to Data Corruption or Denial of Service
CVE-2023-20510

6MEDIUM

Key Information:

Vendor
Amd
Status
Amd Radeon™ Rx 6000 Series Graphics Cards
Amd Radeon™ Pro W6000 Series Graphics Cards
Vendor
CVE Published:
13 August 2024

Summary

The vulnerability involves an insufficient validation process for DRAM addresses within AMD's PMFW. A potential attacker with elevated privileges may exploit this weakness to read data from an unauthorized DRAM address, which can lead to significant issues such as data corruption or service disruptions. It highlights the critical need for robust validation mechanisms in memory handling to safeguard against unauthorized access and ensure system stability.

Affected Version(s)

AMD Radeon™ PRO W6000 Series Graphics Cards AMD Software: PRO Edition 23.Q4 (23.30.13.03)

AMD Radeon™ RX 6000 Series Graphics Cards AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.