CVE-2023-31309

MEDIUM

Amd Radeon™ RX 6000 Series Graphics Products - Improper Validation of Array Index

Title source: rule

Description

Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability.

References (1)

Core 1

Core References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html

Scores

CVSS v4 6.8

EPSS 0.0002

EPSS Percentile 4.5%

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-129

Status published

Products (4)

AMD/AMD Radeon™ PRO V520 Contact your AMD Customer Engineering representative

AMD/AMD Radeon™ PRO V620 Contact your AMD Customer Engineering representative

AMD/AMD Radeon™ PRO W6000 Series Graphics Products AMD Software: PRO Edition 23.Q4

AMD/AMD Radeon™ RX 6000 Series Graphics Products AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)

Published May 15, 2026

Tracked Since May 15, 2026