CVE-2023-31307Improper Validation of Array Index in AMD Radeon Software

CWE-129Improper Validation of Array Index3 documents3 sources
Severity
4.4MEDIUMNVD
CNA2.3
EPSS
0.1%
top 81.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
AMD Radeon Software
Timeline
PublishedAug 13

Description

Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages1 packages

NVDamd/radeon_software< 23.12.1+1

🔴Vulnerability Details

2
CVEList
CVE-2023-31307: Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PM2024-08-13
GHSA
GHSA-mw9q-g6cf-hfc4: Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PM2024-08-13
CVE-2023-31307 — Improper Validation of Array Index | cvebase