CVE-2023-31323

Summary

Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interconnect Trusted Agent (XGMI TA) leading to a memory safety violation potentially resulting in loss of confidentiality, integrity, or availability.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Radeon™ RX 5000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)unaffected
AMDAMD Radeon™ PRO W5000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)unaffected
AMDAMD Radeon™ VIINo fix plannedaffected
AMDAMD Radeon™ PRO VIINo fix plannedaffected
AMDAMD Instinct™ MI250ROCm 6.2unaffected
AMDAMD Instinct™ MI300AROCm 6.2unaffected
AMDAMD Instinct™ MI210ROCm 6.2unaffected
AMDAMD Instinct™ MI300XROCm 6.2unaffected

Weaknesses

  • CWE-843: CWE-843 Access of Resource Using Incompatible Type (‘Type Confusion’)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References