CVE-2023-31313 PUBLISHED

Assigner: AMD
Reserved: 27.04.2023 Published: 12.02.2026 Updated: 12.02.2026

An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
CVSS Score: 7.2

Attack Vector	Local	Scope	Changed
Attack Complexity	High	Confidentiality Impact	High
Privileges Required	High	Integrity Impact	High
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	AMD
Product	AMD Instinct™ MI210
Versions	Default: affected Version ROCm 6.4.2 is unaffected

Vendor	AMD
Product	AMD Instinct™ MI250
Versions	Default: affected Version ROCm 6.4.2 is unaffected

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html

Problem Types

CWE-441 Unintended Proxy or Intermediary (?Confused Deputy?) CWE