CVE-2023-31313

Summary

An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Instinct™ MI210ROCm 6.4.2unaffected
AMDAMD Instinct™ MI250ROCm 6.4.2unaffected

Weaknesses

  • CWE-441: CWE-441 Unintended Proxy or Intermediary (?Confused Deputy?)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References