CVE-2023-20598
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | Radeon™ RX 5000 Series Graphics Cards | various | affected |
| AMD | Radeon™ RX 6000 Series Graphics Cards | various | affected |
| AMD | Radeon™ RX 7000 Series Graphics Cards | various | affected |
| AMD | Radeon™ PRO W5000 Series Graphics Cards | Various | affected |
| AMD | Radeon™ PRO W6000 Series Graphics Cards | various | affected |
| AMD | Radeon™ PRO W7000 Series Graphics Cards | various | affected |
| AMD | Ryzen™ 7045 Series Processors with Radeon™ Graphics | various | affected |
| AMD | Ryzen™ 7020 Series Processors with Radeon™ Graphics | various | affected |
| AMD | Ryzen™ 7040 Series Processors with Radeon™ Graphics | various | affected |
| AMD | Ryzen™ 7000 Series Processors with Radeon™ Graphics | various | affected |
| AMD | Ryzen™ 6000 Series Processors with Radeon™ Graphics | various | affected |
| AMD | Ryzen™ 7035 Series Processors with Radeon™ Graphics | various | affected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.