Out-of-Bounds Read Vulnerability in AMD Products
CVE-2023-31330

2.5LOW

Key Information:

Vendor

Amd
Status
Amd Ryzen™ Threadripper™ 3000 Processors
Amd Ryzen™ Threadripper™ Pro 5000 Wx-series Processors
Amd Ryzen™ Threadripper™ Pro 3000 Wx-series Processors
Amd Ryzen™ Threadripper™ Pro 7000 Wx-series Processors
Vendor
CVE Published:
6 September 2025

What is CVE-2023-31330?

An out-of-bounds read vulnerability in the AMD Bootloader allows a privileged attacker, who has access to a malicious bootloader, to potentially read sensitive memory areas. This flaw raises significant security concerns as it could lead to unauthorized access to confidential information, compromising the integrity and confidentiality of the system.

Affected Version(s)

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Picasso-FP5_1.0.1.1

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Picasso-FP5_1.0.1.1

AMD Ryzen™ 3000 Series Desktop Processors ComboAM4PI_1.0.0.E

References

https://www.amd.com/en/resources/product-security/bulleti...
https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:
2.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-31330 : Out-of-Bounds Read Vulnerability in AMD Products