CVE-2023-31304

Description

Improper input validation in SMU may allow an attacker with privileges and a compromised physical function (PF) to modify the PCIe® lane count and speed, potentially leading to a loss of availability.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Affected products

AMD / AMD Radeon™ PRO W6000 Series Graphics CardsAMD Software: PRO Edition 23.Q4 (23.30.13.03) – AMD Software: PRO Edition 23.Q4 (23.30.13.03)
AMD / AMD Radeon™ RX 6000 Series Graphics CardsAMD Software: Adrenalin Edition 23.12.1 (23.30.13.01) – AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)

References

MISChttps://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html