Improper Validation in Power Management Firmware Affects AMD Products
CVE-2023-31309

6.8 MEDIUM

What is CVE-2023-31309?

AMD's Power Management Firmware improperly validates workload arguments. An attacker with appropriate privileges could exploit this flaw to manipulate table data exported from the System Management Unit (SMU) to Dynamic Random-Access Memory (DRAM), potentially resulting in loss of data confidentiality and availability.

Affected Version(s)

  • AMD Radeon™ PRO V520: Contact your AMD Customer Engineering representative

  • AMD Radeon™ PRO V620: Contact your AMD Customer Engineering representative

  • AMD Radeon™ PRO W6000 Series Graphics Products: AMD Software: PRO Edition 23.Q4

CVSS V4

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
