CVEFinder.io

CVE-2023-31307

ℹī¸ low
🔍 Scan for this CVE
Summary

Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service.

CVSS Score
2.3
Low
EPSS Score
0.1
Exploit Probability
Published Date
2024-08-13
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 0.9% of all 330,193 vulnerabilities in our database.

#327,080
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Aug 13, 2024
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2024-12-13
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
CWE IDs (Weakness Types)
CWE-129

đŸ“Ļ Affected Products 2

Vendor Product Status Affected Versions
amd radeon_software Affected
< 23.12.1
amd radeon_software Affected
≤ 23.q4

🔗 References 1

https://www.amd.com/en/resources/product-security/bu...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2024-36333 ⚠ī¸ high 7.8 0.0 A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potenti... 2026-05-15
CVE-2023-20548 ⚠ī¸ high 7.8 0.0 A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt... 2026-02-11
CVE-2023-31324 ⚠ī¸ high 7.8 0.0 A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify ... 2026-02-11
CVE-2024-21937 ⚠ī¸ high 7.3 0.1 Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege esc... 2024-11-12
CVE-2021-26367 đŸ”ļ medium 5.7 0.0 A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an a... 2024-08-13
CVE-2023-20510 đŸ”ļ medium 4.7 0.0 An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to ... 2024-08-13
These CVEs affect the same products