Intel® Core™ Processors with Radeon™ RX Vega M Graphics  Advisory

Summary:

Potential security vulnerabilities in some Intel® Core™ processors with Radeon™ RX Vega M integrated graphics may allow escalation of privilege, denial of service or information disclosure. Intel and AMD are releasing driver updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2023-20568(Non-Intel issued)

Description: Improper signature verification of Radeon RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVEID: CVE-2023-20567(Non-Intel issued)

Description: Improper signature verification of Radeon RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVEID: CVE-2021-46748(Non-Intel issued)

Description: Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.

CVSS Base Score: 4.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected Products:

Intel® Core™ processors with Radeon™ RX Vega M before version 23.10.01.46:

• Intel® NUC Kit NUC8i7HNK, NUC8i7HVK
• Intel® NUC 8 Enthusiast, a Mini PC with Windows 10 - NUC8i7HVKVA
• Intel® NUC 8 Business, a Mini PC with Windows 10 - NUC8i7HNKQC
• Intel® NUC 8 Enthusiast, a Mini PC with Windows 10 - NUC8i7HVKVAW
• Intel® Core™ i7-8709G Processor with Radeon™ RX Vega M GH graphics
• Intel® Core™ i7-8706G Processor with Radeon™ RX Vega M GL graphics
• Intel® Core™ i7-8705G Processor with Radeon™ RX Vega M GL graphics
• Intel® Core™ i5-8305G Processor with Radeon™ Pro WX Vega M GL graphics

Recommendation:

Intel recommends updating Radeon™ RX Vega M Graphics Driver for Windows® 10 64-bit for NUC8i7HNK, NUC8i7HVK to version 23.10.01.46.
Updates are available for download at this location:
<https://www.intel.com/content/www/us/en/download/19269/radeon-rx-vega-m-graphics-driver-for-windows-10-64-bit-for-nuc8i7hnk-nuc8i7hvk.html&gt;

Intel recommends updating Radeon™ RX Vega M Graphics for Dell* XPS Laptops to version 31.0.21001.46001.
Updates are available for download at this location:
<https://www.intel.com/content/www/us/en/download/786439/radeon-rx-vega-m-graphics-for-dell-xps-laptops.html&gt;

Intel recommends updating Radeon™ RX Vega M Graphics for HP* Spectre Laptops to version 31.0.21001.46001.
Updates are available for download at this location:
<https://www.intel.com/content/www/us/en/download/786424/radeon-rx-vega-m-graphics-for-hp-spectre-laptops.html&gt;

Acknowledgements:

Intel would like to thank hamdi aka Falcon Corruption @falconCorrup for reporting CVE-2023-20567 and CVE-2023-20568.

CVE-2021-46748 was found externally.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.