CVE-2023-31309 PUBLISHED

Assigner: AMD
Reserved: 27.04.2023 Published: 15.05.2026 Updated: 15.05.2026

Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
CVSS Score: 6.8

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	None	Integrity	None
Attack Requirements	None	Availability	Low	Availability	None
Privileges Required	High
User Interaction	None

CVSS 4.0

Product Status

Vendor	AMD
Product	AMD Radeon™ RX 6000 Series Graphics Products
Versions	Default: affected Version AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01) is unaffected

Vendor	AMD
Product	AMD Radeon™ PRO W6000 Series Graphics Products
Versions	Default: affected Version AMD Software: PRO Edition 23.Q4 is unaffected

Vendor	AMD
Product	AMD Radeon™ PRO V520
Versions	Default: affected Version Contact your AMD Customer Engineering representative is unaffected

Vendor	AMD
Product	AMD Radeon™ PRO V620
Versions	Default: affected Version Contact your AMD Customer Engineering representative is unaffected

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html

Problem Types

CWE-129 Improper Validation of Array Index CWE