CVE-2023-31313

Awaiting Analysis Awaiting Analysis - Queue

Arbitrary Code Execution via Proxy Vulnerability in AMD PMFW

Publication date: 2026-02-12

Last updated on: 2026-02-13

Assigner: Advanced Micro Devices Inc.

Description

An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-02-12

Last Modified

2026-02-13

Generated

2026-06-16

AI Q&A

2026-02-12

EPSS Evaluated

2026-06-14

NVD

CVE-2023-31313

EUVD

EUVD-2023-35624

Affected Vendors & Products

Vendor	Product	Version / Range
amd	power_management_firmware	*

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-441	The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.

CWE ID

Description

CWE-441

The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.

Attack-Flow Graph

Executive Summary

This vulnerability involves an unintended proxy or intermediary within the AMD power management firmware (PMFW). It could allow a privileged attacker to send malformed messages to the system management unit (SMU). This may potentially result in arbitrary code execution.

Impact Analysis

The vulnerability can allow a privileged attacker to execute arbitrary code on the affected system by sending malformed messages to the system management unit. This could compromise the integrity and security of the system, potentially leading to unauthorized control or manipulation of system functions.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Hi! I’m here to help you understand CVE-2023-31313. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2023-31313

Arbitrary Code Execution via Proxy Vulnerability in AMD PMFW

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart