#VU96632 Input validation error in AMD products - CVE-2023-31310
Published: August 30, 2024
Vulnerability identifier: #VU96632
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-31310
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
AMD Instinct MI100
AMD Radeon Instinct MI25
AMD Radeon PRO V520
AMD Radeon PRO V620
Radeon RX 6000 Series
Radeon PRO W6000 Series
AMD Instinct MI100
AMD Radeon Instinct MI25
AMD Radeon PRO V520
AMD Radeon PRO V620
Radeon RX 6000 Series
Radeon PRO W6000 Series
Software vendor:
AMD
AMD
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient input validation in Power Management Firmware (PMFW). A local user can send a malformed input for the "set temperature input selection" command and execute arbitrary code with elevated privileges.
Remediation
Install updates from vendor's website.