CVE-2023-31326

LOW

ASP - Info Disclosure

Title source: llm

Description

Use of an uninitialized variable in the ASP could allow an attacker to access leftover data from a trusted execution environment (TEE) driver, potentially leading to loss of confidentiality.

References (3)

[Vendor Advisory] https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html

[Vendor Advisory] https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html

[Vendor Advisory] https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html

Scores

CVSS v3 2.8

EPSS 0.0001

EPSS Percentile 1.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-457

Status published

Products (15)

AMD/AMD Instinct™ MI210 ROCm 6.4

AMD/AMD Instinct™ MI250 ROCm 6.4

AMD/AMD Radeon™ PRO V710 Graphics Products Contact your AMD Customer Engineering representative

AMD/AMD Radeon™ PRO W7000 Series Graphics Products AMD Software: PRO Edition 24.Q2 (24.10.20)

AMD/AMD Radeon™ RX 7000 Series Graphics Products AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)

AMD/AMD Ryzen™ 4000 Series Desktop Processors ComboAM4v2PI_1.2.0.CA

AMD/AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Renoir-FP6_ 1.0.0.D

AMD/AMD Ryzen™ 5000 Series Desktop Processors ComboAM4v2PI_1.2.0.CA

AMD/AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Cezanne-FP6_1.0.1.0

AMD/AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Rembrandt-FP7_1.0.0.A

... and 5 more

Published Sep 06, 2025

Tracked Since Feb 18, 2026