CVE-2023-31306 - Vulnerability Details - OpenCVE

Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Amd	Radeon Radeon Pro V520 Radeon Pro V620 Radeon Pro W5000 Radeon Pro W6000 Radeon Rx 5000 Radeon Rx 6000

No data.

No data.

References

Link	Providers
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html

History

Mon, 08 Sep 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sun, 07 Sep 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Amd Amd radeon Amd radeon Pro V520 Amd radeon Pro V620 Amd radeon Pro W5000 Amd radeon Pro W6000 Amd radeon Rx 5000 Amd radeon Rx 6000
Vendors & Products		Amd Amd radeon Amd radeon Pro V520 Amd radeon Pro V620 Amd radeon Pro W5000 Amd radeon Pro W6000 Amd radeon Rx 5000 Amd radeon Rx 6000

Sat, 06 Sep 2025 16:30:00 +0000

Type	Values Removed	Values Added
Description		Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.
Weaknesses		CWE-129
References		https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html
Metrics		cvssV3_1 `{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2025-09-06T16:26:58.244Z

Updated: 2025-09-08T13:33:35.158Z

Reserved: 2023-04-27T15:25:41.422Z

Link: CVE-2023-31306

Vulnrichment

Updated: 2025-09-08T13:33:14.746Z

NVD

Status : Awaiting Analysis

Published: 2025-09-06T17:15:31.037

Modified: 2025-09-08T16:25:38.810

Link: CVE-2023-31306

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-31306", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2023-04-27T15:25:41.422Z", "datePublished": "2025-09-06T16:26:58.244Z", "dateUpdated": "2025-09-08T13:33:35.158Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2025-09-06T16:26:58.244Z"}, "affected": [{"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Radeon\u2122 RX 5000 Series Graphics Products", "versions": [{"version": "No fix planned", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products", "versions": [{"version": "No fix planned", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Radeon\u2122 RX 6000 Series Graphics Products", "versions": [{"version": "AMD Software: Adrenalin Edition 24.10.1 (24.20.19.01)", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products", "versions": [{"version": "AMD Software: PRO Edition 24.Q4 (24.20.30)", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Radeon\u2122 PRO V520 Graphics Products", "versions": [{"version": "Contact your AMD Customer Engineering representative", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Radeon\u2122 PRO V620 Graphics Products", "versions": [{"version": "Contact your AMD Customer Engineering representative", "status": "unaffected"}]}], "datePublic": "2025-09-06T16:06:25.855Z", "descriptions": [{"lang": "en", "value": "Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.<br>"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index", "lang": "en", "type": "CWE"}]}], "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "AMD PSIRT Automation 1.0"}, "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-08T13:33:11.030155Z", "id": "CVE-2023-31306", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-08T13:33:35.158Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-31306", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-08T13:33:11.030155Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-08T13:33:14.746Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AMD", "product": "AMD Radeon\u2122 RX 5000 Series Graphics Products", "versions": [{"status": "unaffected", "version": "No fix planned"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products", "versions": [{"status": "unaffected", "version": "No fix planned"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 RX 6000 Series Graphics Products", "versions": [{"status": "unaffected", "version": "AMD Software: Adrenalin Edition 24.10.1 (24.20.19.01)"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products", "versions": [{"status": "unaffected", "version": "AMD Software: PRO Edition 24.Q4 (24.20.30)"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 PRO V520 Graphics Products", "versions": [{"status": "unaffected", "version": "Contact your AMD Customer Engineering representative"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 PRO V620 Graphics Products", "versions": [{"status": "unaffected", "version": "Contact your AMD Customer Engineering representative"}], "defaultStatus": "affected"}], "datePublic": "2025-09-06T16:06:25.855Z", "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html"}], "x_generator": {"engine": "AMD PSIRT Automation 1.0"}, "descriptions": [{"lang": "en", "value": "Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.", "supportingMedia": [{"type": "text/html", "value": "Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index"}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2025-09-06T16:26:58.244Z"}}}, "cveMetadata": {"cveId": "CVE-2023-31306", "state": "PUBLISHED", "dateUpdated": "2025-09-08T13:33:35.158Z", "dateReserved": "2023-04-27T15:25:41.422Z", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "datePublished": "2025-09-06T16:26:58.244Z", "assignerShortName": "AMD"}, "dataVersion": "5.1"}