CVE-2023-31313
Published: 12 February 2026
Summary
CVE-2023-31313 is a high-severity Confused Deputy (CWE-441) vulnerability in AMD (inferred from references). Its CVSS base score is 7.2 (High).
Operationally, it is ranked at the 3.3rd percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense Details
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Mitigates confused deputy risks by ensuring distinct privilege domains so one partition cannot unintentionally act on behalf of another.
NVD Description
An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution.
Deeper analysis
CVE-2023-31313 is a vulnerability in the AMD power management firmware (PMFW) involving an unintended proxy or intermediary that could allow a privileged attacker to send malformed messages to the system management unit (SMU), potentially resulting in arbitrary code execution. Published on 2026-02-12, it carries a CVSS v3.1 base score of 7.2 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N) and maps to CWE-441 (Unintended Proxy or Intermediary ('Confused Deputy')).
The attack requires local access with high privileges (PR:H) and high attack complexity (AC:H), but no user interaction. A successful exploit enables the attacker to achieve arbitrary code execution with high impacts on confidentiality and integrity, no impact on availability, and a changed scope due to the firmware context.
AMD's security bulletin provides details on mitigation; practitioners should refer to https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html for patch information and remediation guidance.
Details
- CWE(s)