CVE-2023-4969
MediumPublic PoC
Published: 16 January 2024
Published
16 January 2024
Modified
20 June 2025
KEV Added
—
Patch
—
CVSS Score v3.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS Score
0.0206
84.3th percentile
Risk Priority
14
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2023-4969 is a medium-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability in Amd Ryzen 7 5700G Firmware. Its CVSS base score is 6.5 (Medium).
Operationally, ranked in the top 15.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-54805
Vulnerability details
A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
khronos
opencl
≤ 3.0.11
khronos
vulkan
≤ 1.3.224
imaginationtech
ddk
≤ 23.2
amd
instinct mi300x firmware
all versions
amd
instinct mi300a firmware
all versions
amd
instinct mi250 firmware
all versions
amd
instinct mi210 firmware
all versions
amd
instinct mi100 firmware
all versions
amd
radeon instinct mi50 firmware
all versions
amd
radeon instinct mi25 firmware
all versions
+122 more product configuration(s) — see NVD for full list
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.