CVE-2023-31307

LOW
Published Aug 13, 2024 Modified Dec 13, 2024 CWE-129

Description

Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service.

CVSS v3.1 Score

2.3
LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Weakness Type (CWE)

CWE-129 CWE-129

Affected Products

Vendor Product
amd radeon_software
amd radeon_rx_6300m
amd radeon_rx_6400
amd radeon_rx_6450m
amd radeon_rx_6500_xt
amd radeon_rx_6500m
amd radeon_rx_6550m
amd radeon_rx_6550s
amd radeon_rx_6600
amd radeon_rx_6600_xt
amd radeon_rx_6600m
amd radeon_rx_6600s
amd radeon_rx_6650_xt
amd radeon_rx_6650m
amd radeon_rx_6650m_xt
amd radeon_rx_6700
amd radeon_rx_6700_xt
amd radeon_rx_6700m
amd radeon_rx_6700s
amd radeon_rx_6750_gre
amd radeon_rx_6750_xt
amd radeon_rx_6800
amd radeon_rx_6800_xt
amd radeon_rx_6800m
amd radeon_rx_6800s
amd radeon_rx_6850m_xt
amd radeon_rx_6900_xt
amd radeon_rx_6950_xt
amd radeon_software
amd radeon_pro_w6300
amd radeon_pro_w6400
amd radeon_pro_w6600
amd radeon_pro_w6800

References

Frequently Asked Questions

What is CVE-2023-31307? +
Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service. It has a CVSS v3.1 base score of 2.3 (LOW).
How severe is CVE-2023-31307? +
CVE-2023-31307 has a CVSS v3.1 score of 2.3 out of 10, rated LOW. This is a low-severity vulnerability with limited impact.
What products are affected by CVE-2023-31307? +
CVE-2023-31307 affects products from amd, specifically: radeon_pro_w6300, radeon_pro_w6400, radeon_pro_w6600, radeon_pro_w6800, radeon_rx_6300m, radeon_rx_6400, radeon_rx_6450m, radeon_rx_6500_xt, radeon_rx_6500m, radeon_rx_6550m, radeon_rx_6550s, radeon_rx_6600, radeon_rx_6600_xt, radeon_rx_6600m, radeon_rx_6600s, radeon_rx_6650_xt, radeon_rx_6650m, radeon_rx_6650m_xt, radeon_rx_6700, radeon_rx_6700_xt, radeon_rx_6700m, radeon_rx_6700s, radeon_rx_6750_gre, radeon_rx_6750_xt, radeon_rx_6800, radeon_rx_6800_xt, radeon_rx_6800m, radeon_rx_6800s, radeon_rx_6850m_xt, radeon_rx_6900_xt, radeon_rx_6950_xt, radeon_software. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2023-31307? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2023-31307 — free, no signup required.

Start Free Scan