Uninitialized Variable Vulnerability in AMD Trusted Execution Environment Driver
CVE-2023-31326

2.8LOW

Key Information:

Vendor: Amd
Status: Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics; Amd Ryzen™ 7030 Series Mobile Processors With Radeon™ Graphics; Amd Ryzen™ 4000 Series Desktop Processors; Amd Ryzen™ 5000 Series Desktop Processors
Vendor: CVE Published:; 6 September 2025

What is CVE-2023-31326?

A vulnerability exists due to the use of an uninitialized variable in the AMD Trusted Execution Environment (TEE) driver. This flaw can enable an attacker to retrieve residual data from memory, which may lead to unauthorized access and potential loss of confidentiality of sensitive information. Organizations utilizing affected versions of the AMD TEE driver should take immediate steps to apply security patches and mitigate the risk.

Affected Version(s)

AMD Instinct™ MI210 ROCm 6.4

AMD Instinct™ MI250 ROCm 6.4

AMD Radeon™ PRO V710 Graphics Products Contact your AMD Customer Engineering representative

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

2.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2025
Vulnerability Reserved
Apr 27, 2023

Amd

What is CVE-2023-31326?

Affected Version(s)

References

CVSS V3.1

Timeline