Lucene search

AMDVULNRICHMENT:CVE-2023-31310

HistoryAug 13, 2024 - 4:54 p.m.

CVE-2023-31310

2024-08-1316:54:05

AMD

github.com

input validation

power management firmware

set temperature input

integrity loss

availability loss

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

AI Score

6.9

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Improper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges to send a malformed input for the “set temperature input selection” command, potentially resulting in a loss of integrity and/or availability.

CNA Affected

[
  {
    "vendor": "AMD",
    "product": "AMD Radeon™ RX 6000 Series Graphics Cards",
    "versions": [
      {
        "status": "unaffected",
        "version": "AMD Software:  Adrenalin Edition 23.12.1 (23.30.13.01)"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "AMD",
    "product": "AMD Radeon™ PRO W6000 Series Graphics Cards",
    "versions": [
      {
        "status": "unaffected",
        "version": "AMD Software:  PRO Edition 23.Q4 (23.30.13.03)"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

AI Score

6.9

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-31310