3.3

CVE-2023-31306

Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerAMD
Produkt AMD Radeon™ RX 5000 Series Graphics Products
Default Statusaffected
Version No fix planned
Status unaffected
HerstellerAMD
Produkt AMD Radeon™ PRO W5000 Series Graphics Products
Default Statusaffected
Version No fix planned
Status unaffected
HerstellerAMD
Produkt AMD Radeon™ RX 6000 Series Graphics Products
Default Statusaffected
Version AMD Software: Adrenalin Edition 24.10.1 (24.20.19.01)
Status unaffected
HerstellerAMD
Produkt AMD Radeon™ PRO W6000 Series Graphics Products
Default Statusaffected
Version AMD Software: PRO Edition 24.Q4 (24.20.30)
Status unaffected
HerstellerAMD
Produkt AMD Radeon™ PRO V520 Graphics Products
Default Statusaffected
Version Contact your AMD Customer Engineering representative
Status unaffected
HerstellerAMD
Produkt AMD Radeon™ PRO V620 Graphics Products
Default Statusaffected
Version Contact your AMD Customer Engineering representative
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.028
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@amd.com 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.