Improper Access Control Vulnerability in AMD DRTM Firmware
CVE-2023-31331

3LOW

Key Information:

Vendor
Amd
Status
Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics
Amd Ryzen™ 7000 Series Desktop Processors
Amd Ryzen™ 4000 Series Desktop Processor With Radeon™ Graphics
Amd Ryzen™ 8000 Series Processor With Radeon™ Graphics
Vendor
CVE Published:
11 February 2025

Summary

This vulnerability involves improper access control in the DRTM firmware developed by AMD. Privileged attackers could exploit this flaw to perform multiple driver initializations, leading to stack memory corruption. The potential consequences of this vulnerability include loss of integrity and availability of the system, posing significant security risks to users. Timely updates and patches are recommended to mitigate these risks.

Affected Version(s)

AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics ComboAM4v2PI 1.2.0.CA

AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics RenoirPI-FP6 1.0.0.D

AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics ComboAM4v2PI 1.2.0.CA

References

https://www.amd.com/en/resources/product-security/bulleti...
https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:
3
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.