Arbitrary Code Execution Vulnerability in AMD Power Management Firmware
CVE-2023-31313

7.2HIGH

Key Information:

Vendor: Amd
Status: Amd Instinct™ Mi210; Amd Instinct™ Mi250
Vendor: CVE Published:; 12 February 2026

What is CVE-2023-31313?

An unexpected proxy or intermediary in the AMD power management firmware may allow an attacker with privileges to craft and send malformed messages to the system management unit (SMU). This flaw potentially exposes the system to arbitrary code execution, posing significant risks to system integrity and confidentiality. Users are encouraged to review the security advisory for further details on mitigating actions.

Affected Version(s)

AMD Instinct™ MI210 ROCm 6.4.2

AMD Instinct™ MI250 ROCm 6.4.2

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 12, 2026
Vulnerability Reserved
Apr 27, 2023

CVE-2023-31313 Data

JSON

Amd

What is CVE-2023-31313?

Affected Version(s)

References

CVSS V3.1

Timeline