CVE-2023-31313 - Vulnerability Details - OpenCVE

An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0001.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

AMD

AMD Instinct™ MI210

affected

Version	Status	Constraints
`ROCm 6.4.2`	unaffected	—

AMD

AMD Instinct™ MI250

affected

Version	Status	Constraints
`ROCm 6.4.2`	unaffected	—

No data.

No data.

No data.

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html

History

Fri, 13 Feb 2026 12:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 12 Feb 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution.
Weaknesses		CWE-441
References		https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html
Metrics		cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2026-02-12T14:16:53.918Z

Updated: 2026-02-12T21:13:23.387Z

Reserved: 2023-04-27T15:25:41.423Z

Link: CVE-2023-31313

Vulnrichment

Updated: 2026-02-12T21:13:20.744Z

NVD

Status : Awaiting Analysis

Published: 2026-02-12T15:16:01.710

Modified: 2026-02-13T14:23:48.007

Link: CVE-2023-31313

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-441

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-31313", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2023-04-27T15:25:41.423Z", "datePublished": "2026-02-12T14:16:53.918Z", "dateUpdated": "2026-02-12T21:13:23.387Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2026-02-12T14:16:53.918Z"}, "affected": [{"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Instinct\u2122 MI210", "versions": [{"version": "ROCm 6.4.2", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Instinct\u2122 MI250", "versions": [{"version": "ROCm 6.4.2", "status": "unaffected"}]}], "datePublic": "2026-02-12T14:16:21.943Z", "descriptions": [{"lang": "en", "value": "An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution.", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution.<br>"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-441", "description": "CWE-441 Unintended Proxy or Intermediary (?Confused Deputy?)", "lang": "en", "type": "CWE"}]}], "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "AMD PSIRT Automation 1.0"}, "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-12T21:13:16.059086Z", "id": "CVE-2023-31313", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-12T21:13:23.387Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-31313", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-12T21:13:16.059086Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-12T21:13:20.744Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AMD", "product": "AMD Instinct\u2122 MI210", "versions": [{"status": "unaffected", "version": "ROCm 6.4.2"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Instinct\u2122 MI250", "versions": [{"status": "unaffected", "version": "ROCm 6.4.2"}], "defaultStatus": "affected"}], "datePublic": "2026-02-12T14:16:21.943Z", "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html"}], "x_generator": {"engine": "AMD PSIRT Automation 1.0"}, "descriptions": [{"lang": "en", "value": "An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution.", "supportingMedia": [{"type": "text/html", "value": "An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-441", "description": "CWE-441 Unintended Proxy or Intermediary (?Confused Deputy?)"}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2026-02-12T14:16:53.918Z"}}}, "cveMetadata": {"cveId": "CVE-2023-31313", "state": "PUBLISHED", "dateUpdated": "2026-02-12T21:13:23.387Z", "dateReserved": "2023-04-27T15:25:41.423Z", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "datePublished": "2026-02-12T14:16:53.918Z", "assignerShortName": "AMD"}, "dataVersion": "5.2"}