CVE-2023-31316: Improperly preserved integrity of hardware configuration state during a power save/restore operation in the...
Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next (VCN) firmware potentially impacting confidentiality, integrity, or availability.
Security readout for executives and security teams
Plain-English summary
This is a firmware-level AMD issue where hardware state is not reliably protected during power save and restore. An attacker who already has local access and a specific memory-write capability could redirect video firmware execution, potentially affecting confidentiality, integrity, or availability.
Executive priority
Treat this as a high-priority firmware and driver remediation item, especially for fleets with AMD graphics, Ryzen endpoints, or GPU compute assets. The practical risk depends on local attacker foothold, but successful exploitation could affect system integrity.
Technical view
CVE-2023-31316 is a CWE-1304 issue in the AMD Secure Processor involving improper preservation of hardware configuration state across power transitions. With local, low-privileged access and high-complexity prerequisites, an attacker able to write outside the trusted memory range could influence VCN firmware control flow.
Likely exposure
Exposure is most likely on systems using the AMD Ryzen, Radeon, Radeon PRO, Instinct, and embedded products listed in AMD SB-4017 and SB-6027. It is not described as a remotely reachable vulnerability by itself.
Exploitation context
The CVSS vector indicates local access, high attack complexity, required attack conditions, low privileges, and no user interaction. The source bundle reports no CISA KEV listing, and no cited source states active exploitation.
Researcher notes
The key prerequisite is the ability to write outside the trusted memory range. Public source details do not provide enough evidence to assess reliable exploitability, affected OEM firmware availability, or real-world exploitation beyond the CVSS and AMD bulletin data.
Mitigation direction
Inventory systems using affected AMD Ryzen, Radeon, Radeon PRO, Instinct, and embedded products.
Review AMD SB-4017 and SB-6027 for product-specific guidance and update paths.
Apply vendor or OEM BIOS, firmware, driver, or ROCm updates where AMD guidance identifies them.
For Radeon PRO V620, contact the AMD Customer Engineering representative as directed.
Prioritize shared workstations, developer systems, GPU compute hosts, and endpoints with untrusted local users.
Validation and detection
Compare installed AMD hardware against the affected product list in the AMD bulletins.
Record BIOS, AGESA, graphics driver, and ROCm versions where applicable.
Confirm remediation status against AMD SB-4017 and SB-6027, not only OS patch state.
Check endpoint and EDR telemetry for suspicious local privilege or firmware-adjacent activity.
Track exceptions where OEM firmware or AMD customer guidance is still pending.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-1304: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-1304 · source CWE mapping
Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.