CVE-2023-20567

2023-11-1418:51:25

AMD

www.cve.org

cve-2023-20567

admin privileges

amdsoftwareinstaller.exe

arbitrary code execution

file signature validation

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "AMD Software: Adrenalin Edition 23.7.1 ",
    "platforms": [
      "x86"
    ],
    "product": "Radeon™ RX 5000/6000/7000 Series Graphics Cards ",
    "vendor": " AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "AMD Software: PRO Edition 23.Q3 ",
    "platforms": [
      "x86"
    ],
    "product": "Radeon™ PRO W5000/W6000/W7000 Series Graphics Cards",
    "vendor": " AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "x86"
    ],
    "product": "Radeon™ RX Vega Series Graphics Cards",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "x86"
    ],
    "product": "Radeon™ PRO WX Vega Series Graphics Cards",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  }
]