CVE-2023-31330
BaseFortify
Publication date: 2025-09-06
Last updated on: 2025-09-08
Assigner: Advanced Micro Devices Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amd | ryzen_6000 | * |
| amd | ryzen_2000 | * |
| amd | client_processors | * |
| amd | ryzen_embedded_r2000 | * |
| amd | ryzen_embedded_v2000 | * |
| amd | ryzen_embedded_8000 | * |
| amd | athlon_3000_series_mobile | * |
| amd | pro_3000wx | * |
| amd | pro_7000 | * |
| amd | epyc_embedded_7002 | * |
| amd | ryzen_embedded_v3000 | * |
| amd | pro_5000wx | * |
| amd | ryzen_4000 | * |
| amd | epyc_embedded_7003 | * |
| amd | epyc_embedded_900 | * |
| amd | ryzen_embedded_7000 | * |
| amd | ryzen_embedded_r1000 | * |
| amd | ryzen_7000 | * |
| amd | ryzen_5000_series_mobile | * |
| amd | platform_initialization_firmware | * |
| amd | ryzen_embedded_5000 | * |
| amd | ryzen_8000 | * |
| amd | embedded_processors | * |
| amd | epyc_embedded_3000 | * |
| amd | ryzen_threadripper_3000 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds read in the ASP (presumably a component related to the system) that could allow a privileged attacker who has access to a malicious bootloader to read sensitive memory. This means the attacker could potentially access confidential information stored in memory that should not be accessible.
How can this vulnerability impact me? :
The impact of this vulnerability is a loss of confidentiality, as an attacker with the required privileges and access to a malicious bootloader could read sensitive memory contents. This could lead to exposure of confidential data.