Improper Access Control Vulnerability in AMD DRTM Firmware
CVE-2023-31331

3LOW

Key Information:

Vendor: Amd
Status: Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics; Amd Ryzen™ 7000 Series Desktop Processors; Amd Ryzen™ 4000 Series Desktop Processor With Radeon™ Graphics; Amd Ryzen™ 8000 Series Processor With Radeon™ Graphics
Vendor: CVE Published:; 11 February 2025

What is CVE-2023-31331?

This vulnerability involves improper access control in the DRTM firmware developed by AMD. Privileged attackers could exploit this flaw to perform multiple driver initializations, leading to stack memory corruption. The potential consequences of this vulnerability include loss of integrity and availability of the system, posing significant security risks to users. Timely updates and patches are recommended to mitigate these risks.

Affected Version(s)

AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics ComboAM4v2PI 1.2.0.CA

AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics RenoirPI-FP6 1.0.0.D

AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics ComboAM4v2PI 1.2.0.CA

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Apr 27, 2023

Amd

What is CVE-2023-31331?

Affected Version(s)

References

CVSS V3.1

Timeline