Lucene search

AMDCVE-2023-31304

HistoryAug 13, 2024 - 5:15 p.m.

CVE-2023-31304

2024-08-1317:15:20

AMD

web.nvd.nist.gov

improper input validation

smu

attacker privileges

physical function

pcie lane count

speed

availability

CVSS3

2.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

AI Score

6.8

Confidence

Low

EPSS

Percentile

9.5%

JSON

Improper input validation in SMU may allow an attacker with privileges and a compromised physical function (PF) to modify the PCIe® lane count and speed, potentially leading to a loss of availability.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "AMD Radeon™ RX 6000 Series Graphics Cards",
    "vendor": "AMD",
    "versions": [
      {
        "status": "unaffected",
        "version": "AMD Software:  Adrenalin Edition 23.12.1 (23.30.13.01)"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "AMD Radeon™ PRO W6000 Series Graphics Cards",
    "vendor": "AMD",
    "versions": [
      {
        "status": "unaffected",
        "version": "AMD Software:  PRO Edition 23.Q4 (23.30.13.03)"
      }
    ]
  }
]

References

www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html

CVSS3

2.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

AI Score

6.8

Confidence

Low

EPSS

Percentile

9.5%

JSON

Related for CVE-2023-31304