Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-31306

Summary
Assigner-AMD
Assigner Org ID-b58fc414-a1e4-4f92-9d70-1add41838648
Published At-06 Sep, 2025 | 16:26
Updated At-08 Sep, 2025 | 13:33
Rejected At-
Credits

Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:AMD
Assigner Org ID:b58fc414-a1e4-4f92-9d70-1add41838648
Published At:06 Sep, 2025 | 16:26
Updated At:08 Sep, 2025 | 13:33
Rejected At:
▼CVE Numbering Authority (CNA)

Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.

Affected Products
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon™ RX 5000 Series Graphics Products
Default Status
affected
Versions
Unaffected
  • No fix planned
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon™ PRO W5000 Series Graphics Products
Default Status
affected
Versions
Unaffected
  • No fix planned
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon™ RX 6000 Series Graphics Products
Default Status
affected
Versions
Unaffected
  • AMD Software: Adrenalin Edition 24.10.1 (24.20.19.01)
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon™ PRO W6000 Series Graphics Products
Default Status
affected
Versions
Unaffected
  • AMD Software: PRO Edition 24.Q4 (24.20.30)
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon™ PRO V520 Graphics Products
Default Status
affected
Versions
Unaffected
  • Contact your AMD Customer Engineering representative
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon™ PRO V620 Graphics Products
Default Status
affected
Versions
Unaffected
  • Contact your AMD Customer Engineering representative
Problem Types
TypeCWE IDDescription
CWECWE-129CWE-129 Improper Validation of Array Index
Type: CWE
CWE ID: CWE-129
Description: CWE-129 Improper Validation of Array Index
Metrics
VersionBase scoreBase severityVector
3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html
N/A
Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@amd.com
Published At:06 Sep, 2025 | 17:15
Updated At:08 Sep, 2025 | 16:25

Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-129Secondarypsirt@amd.com
CWE ID: CWE-129
Type: Secondary
Source: psirt@amd.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.htmlpsirt@amd.com
N/A
Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html
Source: psirt@amd.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

5Records found
CVE-2023-31366
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-3.3||LOW
EPSS-0.11% / 29.21%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 16:57
Updated-12 Dec, 2024 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-uprofμProf Tool
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20513
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-3.3||LOW
EPSS-0.09% / 26.02%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 16:52
Updated-29 Oct, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize a malicious VF (virtualization function) to send a malformed message, potentially resulting in a denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Radeon™ PRO W6000 Series Graphics CardsAMD Radeon™ RX 6000 Series Graphics Cards
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20601
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-4.6||MEDIUM
EPSS-Not Assigned
Published-12 Feb, 2026 | 17:31
Updated-12 Feb, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation within RAS TA Driver can allow a local attacker to access out-of-bounds memory, potentially resulting in a denial-of-service condition.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Radeon™ PRO VIIAMD Radeon™ VII
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2023-31307
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-2.3||LOW
EPSS-0.06% / 18.89%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 16:54
Updated-13 Dec, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-radeon_rx_6750_xtradeon_rx_6950_xtradeon_rx_6600radeon_rx_6900_xtradeon_pro_w6400radeon_rx_6450mradeon_rx_6300mradeon_rx_6800mradeon_softwareradeon_rx_6550mradeon_rx_6750_greradeon_rx_6700radeon_rx_6700sradeon_rx_6600_xtradeon_rx_6400radeon_rx_6650_xtradeon_rx_6650mradeon_rx_6650m_xtradeon_rx_6700_xtradeon_rx_6700mradeon_rx_6800radeon_rx_6850m_xtradeon_pro_w6300radeon_pro_w6600radeon_pro_w6800radeon_rx_6800_xtradeon_rx_6600sradeon_rx_6800sradeon_rx_6500mradeon_rx_6500_xtradeon_rx_6600mradeon_rx_6550sAMD Radeon™ PRO W6000 Series Graphics CardsAMD Radeon™ RX 6000 Series Graphics Cards
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2024-21970
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 1.81%
||
7 Day CHG~0.00%
Published-06 Sep, 2025 | 17:20
Updated-08 Sep, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsAMD Ryzen™ Embedded R2000 Series ProcessorsAMD Ryzen™ Embedded V1000 Series ProcessorsAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ 3000 Series Desktop ProcessorsAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ 7045 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ Threadripper™ PRO 3000 WX-Series ProcessorsAMD Ryzen™ 8000 Series Desktop ProcessorsAMD Ryzen™ 5000 Series Desktop ProcessorsAMD Ryzen™ Embedded 7000 Series ProcessorsAMD Ryzen™ Embedded V3000 Series ProcessorsAMD Ryzen™ Embedded R1000 Series ProcessorsAMD Ryzen™ 7030 Series Mobile Processors with Radeon™ GraphicsRenoir Cezanne Raven Ridge Raven Ridge 2 Picasso Summit Pinnacle Ridge Matisse VermeerAMD Ryzen™ 7035 Series Processors with Radeon™ GraphicsAMD Athlon™ 3000 Series Desktop Processors with Radeon™ GraphicsAMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsAMD Ryzen™ Embedded 5000 Series ProcessorsAMD Ryzen™ Embedded V2000 Series ProcessorsAMD Ryzen™ Threadripper™ 3000 ProcessorsAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ 3000 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ Threadripper™ PRO 5000 WX-Series ProcessorsAMD Ryzen™ 7000 Series Desktop Processors
CWE ID-CWE-129
Improper Validation of Array Index
Details not found