6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
9.1%
**Bulletin ID:**AMD-SB-7004 **Potential Impact:**Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below
AMD Ryzen™ Master is a software tool that provides users access to advanced settings, such as clock and voltage settings, to control system performance in real-time.
An external researcher reported two potential vulnerabilities in AMD Ryzen™ Master caused by insufficient input validation in the IOCTL (Input Output Control) buffer. These vulnerabilities may allow an attacker with administrative privileges to potentially cause a Windows crash, resulting in loss of availability.
Alternatively, an attacker with administrative privileges may perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution.
Refer to Glossary for explanation of terms
CVE | Severity | CVE Description |
---|---|---|
CVE-2023-20564 | High | Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution. |
CVE-2023-20560 | Medium | Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service. |
AMD Ryzen™ Master
AMD Ryzen™ Master Monitoring SDK
AMD recommends updating AMD Ryzen™ Master to the following version(s):
OS | Version |
---|---|
Windows 10 | |
Windows 11 | AMD recommends updating to AMD Ryzen™ Master 2.11.2.2659 or higher available here: <https://www.amd.com/en/technologies/ryzen-master> |
Windows 10 | |
Windows 11 | AMD recommends updating to AMD Ryzen™ Master Monitoring SDK 2.11.2 or higher available here: https://www.amd.com/en/developer/ryzen-master-monitoring-sdk.html |