CVE-2023-31307
LOWDescription
Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| amd | radeon_software |
| amd | radeon_rx_6300m |
| amd | radeon_rx_6400 |
| amd | radeon_rx_6450m |
| amd | radeon_rx_6500_xt |
| amd | radeon_rx_6500m |
| amd | radeon_rx_6550m |
| amd | radeon_rx_6550s |
| amd | radeon_rx_6600 |
| amd | radeon_rx_6600_xt |
| amd | radeon_rx_6600m |
| amd | radeon_rx_6600s |
| amd | radeon_rx_6650_xt |
| amd | radeon_rx_6650m |
| amd | radeon_rx_6650m_xt |
| amd | radeon_rx_6700 |
| amd | radeon_rx_6700_xt |
| amd | radeon_rx_6700m |
| amd | radeon_rx_6700s |
| amd | radeon_rx_6750_gre |
| amd | radeon_rx_6750_xt |
| amd | radeon_rx_6800 |
| amd | radeon_rx_6800_xt |
| amd | radeon_rx_6800m |
| amd | radeon_rx_6800s |
| amd | radeon_rx_6850m_xt |
| amd | radeon_rx_6900_xt |
| amd | radeon_rx_6950_xt |
| amd | radeon_software |
| amd | radeon_pro_w6300 |
| amd | radeon_pro_w6400 |
| amd | radeon_pro_w6600 |
| amd | radeon_pro_w6800 |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2023-31307? +
How severe is CVE-2023-31307? +
What products are affected by CVE-2023-31307? +
How do I check if I'm vulnerable to CVE-2023-31307? +
Related Vulnerabilities
A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380, allows malformed packets to be sent …
Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and …
Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting …
Memory corruption while parsing the ML IE due to invalid frame content.
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, …
FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers …