CVE-2023-31309: Out-of-bounds Read

Published May 15, 2026

Updated

Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability.

Affected Software

1 affected component

AMD Power Management Firmware (PMFW)

Event History

May 15, 2026

CVE Published

via MITRE·02:48 AM

Data Sourced

via MITRE·02:48 AM

DescriptionWeakness

Data Sourced

via NVD·03:16 AM

DescriptionSeverityWeakness

Frequently Asked Questions

What is the severity of CVE-2023-31309?

CVE-2023-31309 is classified as a high-severity vulnerability due to its potential impact on confidentiality and availability.

How do I fix CVE-2023-31309?

To mitigate CVE-2023-31309, ensure that the latest updates and patches for AMD Power Management Firmware are applied.

What type of attack does CVE-2023-31309 allow?

CVE-2023-31309 allows an attacker with privileges to exploit improper validation, potentially leading to data exposure or system instability.

Which software is affected by CVE-2023-31309?

CVE-2023-31309 affects the AMD Power Management Firmware (PMFW) specifically.

What are the potential consequences of CVE-2023-31309?

The potential consequences of CVE-2023-31309 include a loss of confidentiality and availability due to malformed workload arguments.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.