Lucene search

AMDCVELIST:CVE-2023-31310

HistoryAug 13, 2024 - 4:54 p.m.

CVE-2023-31310

2024-08-1316:54:05

AMD

www.cve.org

input validation

pmfw

temperature command

integrity

availability

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

EPSS

Percentile

9.5%

JSON

Improper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges to send a malformed input for the “set temperature input selection” command, potentially resulting in a loss of integrity and/or availability.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "AMD Radeon™ RX 6000 Series Graphics Cards",
    "vendor": "AMD",
    "versions": [
      {
        "status": "unaffected",
        "version": "AMD Software:  Adrenalin Edition 23.12.1 (23.30.13.01)"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "AMD Radeon™ PRO W6000 Series Graphics Cards",
    "vendor": "AMD",
    "versions": [
      {
        "status": "unaffected",
        "version": "AMD Software:  PRO Edition 23.Q4 (23.30.13.03)"
      }
    ]
  }
]

References

www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

EPSS

Percentile

9.5%

JSON

Related for CVELIST:CVE-2023-31310