Firmware Vulnerability Could Lead to Integrity and Availability Losses
CVE-2023-31310
5MEDIUM
Key Information:
- Vendor
- Amd
- Vendor
- CVE Published:
- 13 August 2024
Summary
The vulnerability arises from improper input validation within AMD's Power Management Firmware (PMFW). This flaw could allow an attacker with sufficient privileges to send malformed input to the 'set temperature input selection' command. Exploiting this vulnerability could lead to a compromise of data integrity and possibly disrupt the availability of the system, making it critical for users and administrators to be aware of the risks associated with the outdated firmware.
Affected Version(s)
AMD Radeon™ PRO W6000 Series Graphics Cards AMD Software: PRO Edition 23.Q4 (23.30.13.03)
AMD Radeon™ RX 6000 Series Graphics Cards AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)
References
CVSS V3.1
Score:
5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved