CVE-2023-20514

Summary

Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrary memory value to functions in the trusted execution environment resulting in arbitrary code execution

Affected Software

VendorProductVersion RangeStatus
AMDAMD Radeon™ RX 6000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2 (25.10.10)unaffected
AMDAMD Radeon™ PRO W6000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2 (25.10.10)unaffected
AMDAMD Radeon™ RX 7000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2 (25.10.10)unaffected
AMDAMD Radeon™ PRO W7000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2 (25.10.10)unaffected
AMDAMD Radeon™ PRO VIIAMD Software: Adrenalin Edition 25.5.1 (23.19.23.01 pre-RDNA), AMD Software: PRO Edition 25.Q2 (23.19.23.01 pre-RDNA)unaffected
AMDAMD Radeon™ VIIAMD Software: Adrenalin Edition 25.5.1 (23.19.23.01 pre-RDNA), AMD Software: PRO Edition 25.Q2 (23.19.23.01 pre-RDNA)unaffected
AMDAMD Radeon™ PRO V620Contact your AMD Customer Engineering representativeunaffected
AMDAMD Radeon™ PROV710Contact your AMD Customer Engineering representativeunaffected

Weaknesses

  • CWE-233: CWE-233 Improper Handling of Parameters

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References