CVE-2023-20598

Summary

An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
AMDRadeon™ RX 5000 Series Graphics Cardsvariousaffected
AMDRadeon™ RX 6000 Series Graphics Cardsvariousaffected
AMDRadeon™ RX 7000 Series Graphics Cardsvariousaffected
AMDRadeon™ PRO W5000 Series Graphics CardsVariousaffected
AMDRadeon™ PRO W6000 Series Graphics Cardsvariousaffected
AMDRadeon™ PRO W7000 Series Graphics Cardsvariousaffected
AMDRyzen™ 7045 Series Processors with Radeon™ Graphicsvariousaffected
AMDRyzen™ 7020 Series Processors with Radeon™ Graphicsvariousaffected
AMDRyzen™ 7040 Series Processors with Radeon™ Graphicsvariousaffected
AMDRyzen™ 7000 Series Processors with Radeon™ Graphicsvariousaffected
AMDRyzen™ 6000 Series Processors with Radeon™ Graphicsvariousaffected
AMDRyzen™ 7035 Series Processors with Radeon™ Graphicsvariousaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References