CVE-2023-31330

Description

An out-of-bounds read in the ASP could allow a privileged attacker with access to a malicious bootloader to potentially read sensitive memory resulting in loss of confidentiality.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

Affected products

AMD / AMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsPicasso-FP5_1.0.1.1 – Picasso-FP5_1.0.1.1
AMD / AMD Ryzen™ 3000 Series Desktop ProcessorsComboAM4v2PI_1.2.0.CA – ComboAM4v2PI_1.2.0.CA
AMD / AMD Ryzen™ 3000 Series Desktop ProcessorsComboAM4PI_1.0.0.E – ComboAM4PI_1.0.0.E
AMD / AMD Ryzen™ 4000 Series Desktop ProcessorsComboAM4v2PI_1.2.0.CA – ComboAM4v2PI_1.2.0.CA
AMD / AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsRenoir-FP6_1.0.0.Ea – Renoir-FP6_1.0.0.Ea
AMD / AMD Ryzen™ 5000 Series Desktop ProcessorsComboAM4v2PI_1.2.0.CA – ComboAM4v2PI_1.2.0.CA
AMD / AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsComboAM4v2PI_1.2.0.CA – ComboAM4v2PI_1.2.0.CA
AMD / AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsCezanne-FP6_1.0.1.1a – Cezanne-FP6_1.0.1.1a
AMD / AMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsRembrandt-FP7_1.0.0.A – Rembrandt-FP7_1.0.0.A
AMD / AMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5 1.1.0.2 – ComboAM5 1.1.0.2
AMD / AMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsMendocinoPI-FT6_1.0.0.6 – MendocinoPI-FT6_1.0.0.6
AMD / AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ GraphicsCezanne-FP6_1.0.1.1a – Cezanne-FP6_1.0.1.1a
AMD / AMD Ryzen™ 7035 Series Processors with Radeon™ GraphicsRembrandt-FP7_1.0.0.A – Rembrandt-FP7_1.0.0.A
AMD / AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ GraphicsPhoenixPI-FP8-FP7_1.1.0.1b – PhoenixPI-FP8-FP7_1.1.0.1b
AMD / AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ GraphicsDragonRangeFL1PI 1.0.0.3C – DragonRangeFL1PI 1.0.0.3C
AMD / AMD Ryzen™ 8000 Series Desktop ProcessorsComboAM5 1.1.0.2 – ComboAM5 1.1.0.2
AMD / AMD Ryzen™ Threadripper™ 3000 ProcessorsCastlePeakPI-SP3r3 1.0.0.C – CastlePeakPI-SP3r3 1.0.0.C
AMD / AMD Ryzen™ Threadripper™ 7000 ProcessorsStrormPeakPI-SP6_1.1.0.0c – StrormPeakPI-SP6_1.1.0.0c
AMD / AMD Ryzen™ Threadripper™ PRO 3000 WX-Series ProcessorsCastlePeakWSPI-sWRX8 1.0.0.E – CastlePeakWSPI-sWRX8 1.0.0.E
AMD / AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processorschagallwspi_swrx8_1.0.0.9 – chagallwspi_swrx8_1.0.0.9
AMD / AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processorschagallwspi_swrx8_1.0.0.9 – chagallwspi_swrx8_1.0.0.9
AMD / AMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsStrormPeakPI-SP6_1.0.0.1e – StrormPeakPI-SP6_1.0.0.1e
AMD / AMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsStrormPeakPI-SP6_1.1.0.0c – StrormPeakPI-SP6_1.1.0.0c

CVE-2023-31330

Description

CVSS breakdown

Affected products

References