Potential security vulnerabilities in some Intel® Core™ processors with Radeon™ RX Vega M integrated graphics may allow escalation of privilege, denial of service or information disclosure. Intel and AMD are releasing driver updates to mitigate these potential vulnerabilities.
CVEID: CVE-2023-20568(Non-Intel issued)
Description: Improper signature verification of Radeon RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEID: CVE-2023-20567(Non-Intel issued)
Description: Improper signature verification of Radeon RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEID: CVE-2021-46748(Non-Intel issued)
Description: Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.
CVSS Base Score: 4.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Intel® Core™ processors with Radeon™ RX Vega M before version 23.10.01.46:
Intel recommends updating Radeon™ RX Vega M Graphics Driver for Windows® 10 64-bit for NUC8i7HNK, NUC8i7HVK to version 23.10.01.46.
Updates are available for download at this location:
<https://www.intel.com/content/www/us/en/download/19269/radeon-rx-vega-m-graphics-driver-for-windows-10-64-bit-for-nuc8i7hnk-nuc8i7hvk.html>
Intel recommends updating Radeon™ RX Vega M Graphics for Dell* XPS Laptops to version 31.0.21001.46001.
Updates are available for download at this location:
<https://www.intel.com/content/www/us/en/download/786439/radeon-rx-vega-m-graphics-for-dell-xps-laptops.html>
Intel recommends updating Radeon™ RX Vega M Graphics for HP* Spectre Laptops to version 31.0.21001.46001.
Updates are available for download at this location:
<https://www.intel.com/content/www/us/en/download/786424/radeon-rx-vega-m-graphics-for-hp-spectre-laptops.html>
Intel would like to thank hamdi aka Falcon Corruption @falconCorrup for reporting CVE-2023-20567 and CVE-2023-20568.
CVE-2021-46748 was found externally.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.