Bulletin ID: AMD-SB-6003 **Potential Impact:**Varies by CVE, see descriptions below **Severity:**Varies by CVE, see descriptions below
AMD received reports of vulnerabilities potentially affecting some AMD Graphics products. Refer to the CVE Details section for information about each CVE.
Refer to Glossary for explanation of terms
CVE | Severity | CVE Description |
---|---|---|
CVE-2021-46748 | Medium | Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service. |
CVE-2023-20567 | Medium | Improper signature verification of RadeonTMRX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution. |
CVE-2023-20568 | Medium | Improper signature verification of RadeonTMRX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution. |
CVE-2023-31320 | Medium | Improper input validation in the AMD RadeonTMGraphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service. |
AMD recommends updating the AMD Graphics Driver to the version recommended for your product below. Please refer to your Original Equipment Manufacturer (OEM) for the driver update specific to your product.
Platform | Applicable CVE(s) | Release Version |
---|---|---|
AMD Radeon™ RX 5000 Series Graphics CardsAMD Radeon™ RX 6000 Series Graphics CardsAMD Radeon™ RX 7000 Series Graphics Cards | CVE-2021-46748CVE-2023-20567CVE-2023-20568CVE-2023-31320 | AMD Software: Adrenalin Edition 23.7.1 (23.10.01.45) |
AMD Radeon™ PRO W5000 Series Graphics CardsAMD Radeon™ PRO W6000 Series Graphics CardsAMD Radeon™ PRO W7000 Series Graphics Cards | CVE-2021-46748CVE-2023-20567CVE-2023-20568CVE-2023-31320 | AMD Software: PRO Edition 23.Q3 (23.10.18.05) |
AMD Radeon™ RX Vega Series Graphics CardsAMD Radeon™ PRO WX Vega Series Graphics Cards | CVE-2021-46748CVE-2023-20567CVE-2023-20568CVE-2023-31320 | Please refer to your OEM for the update specific to your product. |
OS Support | Version |
---|---|
Windows 11 | Version 21H2 and later |
Windows 10 64-bit | Version 1809 and later |
Windows Server 2022 | 21H2 |
Windows Server 2019 | 1809 |
Platform | Program | Applicable CVEs | Release Version Mitigation |
---|---|---|---|
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics | “Cezanne” | CVE-2021-46748CVE-2023-20567CVE-2023-20568CVE-2023-31320 | AMD Software: Adrenalin Edition 23.7.1 (23.10.01.45)AMD Software: PRO Edition 23.Q3 (23.10.18.05) |
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics| “Lucienne”
AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics| “Picasso” FP5
AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics| “Renoir” AM4
AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics| “Cezanne”
AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics| “Picasso” AM4
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics| “Pollock”
AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics| “Barcelo”| CVE-2023-20567CVE-2023-20568CVE-2023-31320
AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics| “Barcelo-R”
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics| “Dali”/”Dali” FP5
AMD Ryzen™ 7045 Series Processors with Radeon™ Graphics| “Dragon Range”
AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics| “Mendocino” FT6
AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics| “Phoenix” AM5
AMD Ryzen™ 7000 Series Processors with Radeon™ Graphics| “Raphael” X3D
AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics| “Renoir” FP6
AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics| “Rembrandt”
AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics| “Rembrandt-R”