CVE-2023-31323

EPSS 0.02%
Veröffentlicht 12.02.2026 17:45:12
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle psirt@amd.com
CVE-Watchlists
Login
Unerledigt
Login

Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interconnect Trusted Agent (XGMI TA) leading to a memory safety violation potentially resulting in loss of confidentiality, integrity, or availability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 8 VulnDex Vulnerability Enrichment 4

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerAMD

≫

Produkt AMD Radeon™ RX 5000 Series Graphics Products

Default Statusaffected

Version AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)

Status unaffected

HerstellerAMD

≫

Produkt AMD Radeon™ PRO W5000 Series Graphics Products

Default Statusaffected

Version AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)

Status unaffected

HerstellerAMD

≫

Produkt AMD Radeon™ VII

Default Statusaffected

Version No fix planned

Status affected

HerstellerAMD

≫

Produkt AMD Radeon™ PRO VII

Default Statusaffected

Version No fix planned

Status affected

HerstellerAMD

≫

Produkt AMD Instinct™ MI250

Default Statusaffected

Version ROCm 6.2

Status unaffected

HerstellerAMD

≫

Produkt AMD Instinct™ MI300A

Default Statusaffected

Version ROCm 6.2

Status unaffected

HerstellerAMD

≫

Produkt AMD Instinct™ MI210

Default Statusaffected

Version ROCm 6.2

Status unaffected

HerstellerAMD

≫

Produkt AMD Instinct™ MI300X

Default Statusaffected

Version ROCm 6.2

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.06

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@amd.com	8.4	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html

https://nvd.nist.gov/vuln/detail/CVE-2023-31323

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-31323

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-31323

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-31323