Buffer overflow in Amd Instinct™ Mi210

CVE-2023-31317

Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution.

Vulnerability class: Buffer Overflow

EPSS: 0.000 (4.2th percentile) — read the EPSS interpretation.

Affected products

Amd Instinct™ Mi210 — versions ROCm 7.0
Amd Instinct™ Mi250 — versions ROCm 7.0
Amd Radeon™ Pro W6000 Series Graphics Products — versions AMD Software: PRO Edition 25.Q3.1 (25.10.32)
Amd Radeon™ Pro W7000 Series Graphics Products — versions AMD Software: PRO Edition 25.Q3.1 (25.10.32)
Amd Radeon™ Rx 6000 Series Graphics Products — versions AMD Software: Adrenalin Edition 25.11.1 (25.10.33.03)
Amd Radeon™ Rx 7000 Series Graphics Products — versions AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

psirt@amd.com