Firmware Vulnerability Could Lead to Integrity and Availability Losses
CVE-2023-31310

5MEDIUM

Key Information:

Vendor: Amd
Status: Amd Radeon™ Rx 6000 Series Graphics Cards; Amd Radeon™ Pro W6000 Series Graphics Cards
Vendor: CVE Published:; 13 August 2024

Summary

The vulnerability arises from improper input validation within AMD's Power Management Firmware (PMFW). This flaw could allow an attacker with sufficient privileges to send malformed input to the 'set temperature input selection' command. Exploiting this vulnerability could lead to a compromise of data integrity and possibly disrupt the availability of the system, making it critical for users and administrators to be aware of the risks associated with the outdated firmware.

Affected Version(s)

AMD Radeon™ PRO W6000 Series Graphics Cards AMD Software: PRO Edition 23.Q4 (23.30.13.03)

AMD Radeon™ RX 6000 Series Graphics Cards AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Apr 27, 2023