Weak Initialization Vector Generations May Lead to Information Disclosure
CVE-2023-31305
1.9LOW
Key Information:
- Vendor
- Amd
- Status
- Amd Radeon™ Rx 6000 Series Graphics Cards
- Amd Radeon™ Pro W6000 Series Graphics Cards
- Vendor
- CVE Published:
- 13 August 2024
Summary
The Power Management Firmware developed by AMD is affected by a vulnerability related to the generation of weak and predictable Initialization Vector (IV). An attacker with the necessary privileges can exploit this weakness by reusing IV values, enabling them to potentially reverse-engineer sensitive debug data. This could lead to unauthorized access to confidential information and pose a significant threat to system integrity.
Affected Version(s)
AMD Radeon™ PRO W6000 Series Graphics Cards AMD Software: PRO Edition 23.Q4 (23.30.13.03)
AMD Radeon™ RX 6000 Series Graphics Cards AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)
References
CVSS V3.1
Score:
1.9
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database