CVE-2023-31316

Summary

Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next (VCN) firmware potentially impacting confidentiality, integrity, or availability.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsCezanne-FP6 1.0.1.0unaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.0.0.aunaffected
AMDAMD Ryzen™ 4000 Series Desktop ProcessorsComboAM4v2 1.2.0.Caunaffected
AMDAMD Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsComboAM4v2 1.2.0.Caunaffected
AMDAMD Ryzen™ 7040 Series Mobile Processors with Radeon™ GraphicsPhoenixPI-FP8-FP7_1.1.0.0unaffected
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsRenoir-FP6 1.0.0.Dunaffected
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsRembrandt-FP7 1.0.0.Aunaffected
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsMendocinoPI-FT6_1.0.0.6unaffected
AMDAMD Ryzen™ 7045 Series Mobile Processors with Radeon™ GraphicsDragonRangeFL1PI 1.0.0.3Cunaffected
AMDAMD Ryzen™ Embedded V2000 Series ProcessorsEmbeddedPI-FP6_1.0.0.9unaffected
AMDAMD Ryzen™ Embedded V3000 Series ProcessorsEmbedded-PI_FP7r2 1009unaffected
AMDAMD Radeon™ RX 6000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.12.1 (25.10.37.01)unaffected
AMDAMD Radeon™ RX 7000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)unaffected
AMDAMD Radeon™ PRO W7000 Series Graphics ProductsAMD Software: PRO Edition 25.Q3.1 (25.10.32)unaffected
AMDAMD Radeon™ PRO W6000 Series Graphics ProductsAMD Software: PRO Edition 25.Q4 (25.10.37.01)unaffected
AMDAMD Instinct™ MI250ROCm 6.4unaffected
AMDAMD Instinct™ MI210ROCm 6.4unaffected
AMDAMD Radeon™ PRO V620Contact your AMD Customer Engineering representativeunaffected

Weaknesses

  • CWE-1304: CWE-1304 Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References