CVE-2023-31313 — Vulnetix

CVE-2023-31313 PUBLISHED CVSS 7.199999809265137 HIGH

An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution.

EPSS 0.02% · 3.4th percentile

Risk Scores

CVSS v3.1

7.199999809265137

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

EPSS Score

0.02%

3.4th percentile

Affected Products

Vendor	Product	Versions
AMD	AMD Instinct™ MI250	ROCm 6.4.2, ROCm 6.4.2
AMD	AMD Instinct™ MI210	ROCm 6.4.2, ROCm 6.4.2

Timeline

Feb 12, 2026 CVE Published
Feb 13, 2026 EPSS Score
Feb 15, 2026 EPSS Score
Feb 16, 2026 CVE Updated
Feb 17, 2026 EPSS Score
Feb 19, 2026 EPSS Score
Feb 21, 2026 EPSS Score
Feb 22, 2026 EPSS Score
Feb 24, 2026 EPSS Score
Feb 26, 2026 EPSS Score
Feb 28, 2026 EPSS Score
Mar 2, 2026 EPSS Score

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html url
https://nvd.nist.gov/vuln/detail/CVE-2023-31313 advisory

Open in Interactive Console →