Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amdAmd.comAMD-SB-6009
HistoryOct 16, 2023 - 12:00 a.m.

AMD Radeon™ Graphics Kernel Driver Privilege Management Vulnerability

2023-10-1600:00:00
amd.com
www.amd.com
55
privilege management
arbitrary code execution
amd radeon™
graphics driver
kernel driver
update
adrenalin edition
pro edition
graphics cards
graphics processors
windows
cve-2023-20598

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Bulletin ID: AMD-SB-6009 **Potential Impact:**Arbitrary code execution **Severity:**High

Summary

A potential vulnerability was reported in the AMD Radeon™ Software (Adrenalin Edition and PRO Edition) kernel (pdfwkrnl.sys) driver which may allow arbitrary code execution.

Current AMD analysis shows the attack opportunity is limited given the very short time the kernel driver is running.

CVE Details

Refer to Glossary for explanation of terms

CVE ID CVSS Score CVE Description
CVE-2023-20598 High An improper privilege management in the AMD Radeon™Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.

Affected Products and Mitigation

AMD recommends updating to the AMD graphics driver version (or later) indicated below.

Graphics Cards

Platform Release Version
AMD Radeon™ RX 5000 Series Graphics Cards
AMD Radeon™ RX 6000 Series Graphics Cards
AMD Radeon™ RX 7000 Series Graphics Cards AMD Software: Adrenalin Edition 23.9.2
(23.20.11.01)
(2023-09-19)
AMD Radeon™ PRO W5000 Series Graphics Cards
AMD Radeon™ PRO W6000 Series Graphics Cards
AMD Radeon™ PRO W7000 Series Graphics Cards AMD Software: PRO Edition 23.Q4
(23.30.14)
(23.30.13.03)
(2023-12-12)
OS Support Version
Windows® 11 Version 21H2 and later****
Windows® 10 64-bit Version 1809 and later****
Windows® Server 2022 21H2 ****
Windows® Server 2019 1809

Client Processors

Formerly codenamed programs Platform Release Version Mitigation
“Dragon Range” AMD Ryzen™ 7045 Series Processors with Radeon™ Graphics AMD Software: Adrenalin Edition 23.9.2
(23.20.11.01)
(2023-09-19)AMD Software: PRO Edition 23.Q4
(23.30.13.03)
(2023-12-12)
“Mendocino” FT6 AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
“Phoenix” FP7/FP7r2/FP8 AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics
“Raphael” AMD Ryzen™ 7000 Series Processors with Radeon™ Graphics
“Rembrandt” AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
“Rembrandt-R” AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics

Related

cve 1
vulnrichment 1
redhatcve 1
prion 1
nvd 1
cvelist 1
thn 1
cve
cve
CVE-2023-20598
2023-10-17 14:15:09
vulnrichment
vulnrichment
CVE-2023-20598
2023-10-17 13:26:21
redhatcve
redhatcve
CVE-2023-20598
2023-10-26 01:43:17
prion
prion
Input validation
2023-10-17 14:15:00
nvd
nvd
CVE-2023-20598
2023-10-17 14:15:09
cvelist
cvelist
CVE-2023-20598
2023-10-17 13:26:21
thn
thn
Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover
2023-11-02 08:59:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for AMD-SB-6009
cve1vulnrichment1redhatcve1prion1nvd1cvelist1thn1