{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-31306","assignerOrgId":"b58fc414-a1e4-4f92-9d70-1add41838648","state":"PUBLISHED","assignerShortName":"AMD","dateReserved":"2023-04-27T15:25:41.422Z","datePublished":"2025-09-06T16:26:58.244Z","dateUpdated":"2025-09-08T13:33:35.158Z"},"containers":{"cna":{"providerMetadata":{"orgId":"b58fc414-a1e4-4f92-9d70-1add41838648","shortName":"AMD","dateUpdated":"2025-09-06T16:26:58.244Z"},"affected":[{"defaultStatus":"affected","vendor":"AMD","product":"AMD Radeon™ RX 5000 Series Graphics Products","versions":[{"version":"No fix planned","status":"unaffected"}]},{"defaultStatus":"affected","vendor":"AMD","product":"AMD Radeon™ PRO W5000 Series Graphics Products","versions":[{"version":"No fix planned","status":"unaffected"}]},{"defaultStatus":"affected","vendor":"AMD","product":"AMD Radeon™ RX 6000 Series Graphics Products","versions":[{"version":"AMD Software: Adrenalin Edition 24.10.1 (24.20.19.01)","status":"unaffected"}]},{"defaultStatus":"affected","vendor":"AMD","product":"AMD Radeon™ PRO W6000 Series Graphics Products","versions":[{"version":"AMD Software: PRO Edition 24.Q4 (24.20.30)","status":"unaffected"}]},{"defaultStatus":"affected","vendor":"AMD","product":"AMD Radeon™ PRO V520 Graphics Products","versions":[{"version":"Contact your AMD Customer Engineering representative","status":"unaffected"}]},{"defaultStatus":"affected","vendor":"AMD","product":"AMD Radeon™ PRO V620 Graphics Products","versions":[{"version":"Contact your AMD Customer Engineering representative","status":"unaffected"}]}],"datePublic":"2025-09-06T16:06:25.855Z","descriptions":[{"lang":"en","value":"Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.<br>"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-129","description":"CWE-129  Improper Validation of Array Index","lang":"en","type":"CWE"}]}],"references":[{"url":"https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"AMD PSIRT Automation 1.0"},"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW","baseScore":3.3,"baseSeverity":"LOW"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-08T13:33:11.030155Z","id":"CVE-2023-31306","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-08T13:33:35.158Z"}}]}}