Input validation error in AMD products - CVE-2023-20510
Published: August 30, 2024
Vulnerability identifier: #VU96643
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-20510
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: AMD
Affected software:
AMD Instinct MI100
AMD Radeon Instinct MI25
AMD Radeon PRO V520
AMD Radeon PRO V620
Radeon RX 6000 Series
Radeon PRO W6000 Series
AMD Instinct MI100
AMD Radeon Instinct MI25
AMD Radeon PRO V520
AMD Radeon PRO V620
Radeon RX 6000 Series
Radeon PRO W6000 Series
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient DRAM address validation in PMFW. A local user can perform a denial of service (DoS) attack.
How to mitigate CVE-2023-20510
Install updates from vendor's website.