CVE-2023-31316
7.1
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L
Summary
Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next (VCN) firmware potentially impacting confidentiality, integrity, or availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics | Cezanne-FP6 1.0.1.0 | unaffected |
| AMD | AMD Ryzen™ 7000 Series Desktop Processors | ComboAM5PI 1.0.0.a | unaffected |
| AMD | AMD Ryzen™ 4000 Series Desktop Processors | ComboAM4v2 1.2.0.Ca | unaffected |
| AMD | AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics | ComboAM4v2 1.2.0.Ca | unaffected |
| AMD | AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics | PhoenixPI-FP8-FP7_1.1.0.0 | unaffected |
| AMD | AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics | Renoir-FP6 1.0.0.D | unaffected |
| AMD | AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics | Rembrandt-FP7 1.0.0.A | unaffected |
| AMD | AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics | MendocinoPI-FT6_1.0.0.6 | unaffected |
| AMD | AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics | DragonRangeFL1PI 1.0.0.3C | unaffected |
| AMD | AMD Ryzen™ Embedded V2000 Series Processors | EmbeddedPI-FP6_1.0.0.9 | unaffected |
| AMD | AMD Ryzen™ Embedded V3000 Series Processors | Embedded-PI_FP7r2 1009 | unaffected |
| AMD | AMD Radeon™ RX 6000 Series Graphics Products | AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01) | unaffected |
| AMD | AMD Radeon™ RX 7000 Series Graphics Products | AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01) | unaffected |
| AMD | AMD Radeon™ PRO W7000 Series Graphics Products | AMD Software: PRO Edition 25.Q3.1 (25.10.32) | unaffected |
| AMD | AMD Radeon™ PRO W6000 Series Graphics Products | AMD Software: PRO Edition 25.Q4 (25.10.37.01) | unaffected |
| AMD | AMD Instinct™ MI250 | ROCm 6.4 | unaffected |
| AMD | AMD Instinct™ MI210 | ROCm 6.4 | unaffected |
| AMD | AMD Radeon™ PRO V620 | Contact your AMD Customer Engineering representative | unaffected |
Weaknesses
- CWE-1304: CWE-1304 Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html
- https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.