7.2
CVE-2023-31313
- EPSS 0.02%
- Veröffentlicht 12.02.2026 14:16:53
- Zuletzt bearbeitet 13.02.2026 14:23:48
- Quelle psirt@amd.com
- CVE-Watchlists
- Unerledigt
An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerAMD
≫
Produkt
AMD Instinct™ MI210
Default Statusaffected
Version
ROCm 6.4.2
Status
unaffected
HerstellerAMD
≫
Produkt
AMD Instinct™ MI250
Default Statusaffected
Version
ROCm 6.4.2
Status
unaffected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.027 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@amd.com | 7.2 | 0.8 | 5.8 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
|
CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')
The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.