CVE-2023-31305

Summary

Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Radeon™ RX 6000 Series Graphics CardsAMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)unaffected
AMDAMD Radeon™ PRO W6000 Series Graphics CardsAMD Software: PRO Edition 23.Q4 (23.30.13.03)unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References