CVE-2023-31306

Summary

Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Radeon™ RX 5000 Series Graphics ProductsNo fix plannedunaffected
AMDAMD Radeon™ PRO W5000 Series Graphics ProductsNo fix plannedunaffected
AMDAMD Radeon™ RX 6000 Series Graphics ProductsAMD Software: Adrenalin Edition 24.10.1 (24.20.19.01)unaffected
AMDAMD Radeon™ PRO W6000 Series Graphics ProductsAMD Software: PRO Edition 24.Q4 (24.20.30)unaffected
AMDAMD Radeon™ PRO V520 Graphics ProductsContact your AMD Customer Engineering representativeunaffected
AMDAMD Radeon™ PRO V620 Graphics ProductsContact your AMD Customer Engineering representativeunaffected

Weaknesses

  • CWE-129: CWE-129 Improper Validation of Array Index

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References