Potential Loss of Availability Due to Improper Input Validation in SMU
CVE-2023-31304
2.3LOW
Key Information:
- Vendor
- Amd
- Status
- Amd Radeon™ Rx 6000 Series Graphics Cards
- Amd Radeon™ Pro W6000 Series Graphics Cards
- Vendor
- CVE Published:
- 13 August 2024
Summary
The vulnerability in AMD's System Management Unit (SMU) arises from improper input validation, which can be exploited by an attacker with privileges who has compromised a physical function (PF). This flaw allows the manipulation of PCIe lane count and speed settings, which could lead to significant availability issues. Organizations utilizing affected AMD components must take precautionary measures to mitigate potential risks and ensure system integrity.
Affected Version(s)
AMD Radeon™ PRO W6000 Series Graphics Cards AMD Software: PRO Edition 23.Q4 (23.30.13.03)
AMD Radeon™ RX 6000 Series Graphics Cards AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)
References
CVSS V3.1
Score:
2.3
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database