1. Home
  2. CVE Database
  3. CVE-2023-31307
LOW · 2.3

CVE-2023-31307

Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service.

Vulnerability Description

Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service.

CVSS Score

2.3

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW

Affected Products

VendorProductVersions
AmdRadeon Software< 23.12.1
AmdRadeon Rx 6300M-
AmdRadeon Rx 6400-
AmdRadeon Rx 6450M-
AmdRadeon Rx 6500 Xt-
AmdRadeon Rx 6500M-
AmdRadeon Rx 6550M-
AmdRadeon Rx 6550S-
AmdRadeon Rx 6600-
AmdRadeon Rx 6600 Xt-
AmdRadeon Rx 6600M-
AmdRadeon Rx 6600S-
AmdRadeon Rx 6650 Xt-
AmdRadeon Rx 6650M-
AmdRadeon Rx 6650M Xt-
AmdRadeon Rx 6700-
AmdRadeon Rx 6700 Xt-
AmdRadeon Rx 6700M-
AmdRadeon Rx 6700S-
AmdRadeon Rx 6750 Gre-

Related Weaknesses (CWE)

CWE-129

References

FAQ

What is CVE-2023-31307?

CVE-2023-31307 is a vulnerability with a CVSS score of 2.3 (LOW). Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service.

How severe is CVE-2023-31307?

CVE-2023-31307 has been rated LOW with a CVSS base score of 2.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-31307?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Radeon Software, Amd Radeon Rx 6300M, Amd Radeon Rx 6400, Amd Radeon Rx 6450M, Amd Radeon Rx 6500 Xt.