CVE-2023-31309

CVSS 6.8 MEDIUMEPSS 0.1%CWE-129

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.8EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

15 May 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability.

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N

Affected products

AMD · AMD Radeon™ PRO V520 AMD · AMD Radeon™ PRO V620 AMD · AMD Radeon™ PRO W6000 Series Graphics Products AMD · AMD Radeon™ RX 6000 Series Graphics Products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html