Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2023-20598 |
CWE-ID | CWE-782 |
Exploitation vector | Local |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software |
Radeon RX 5000 Series (Hardware solutions / Firmware)
Radeon RX 6000 Series (Hardware solutions / Firmware)
Radeon RX 7000 Series (Hardware solutions / Firmware)
Ryzen 7045 Series Processors with Radeon Graphics (Hardware solutions / Firmware)
Ryzen 7020 Series Processors with Radeon Graphics (Hardware solutions / Firmware)
Ryzen 7040 Series Processors with Radeon Graphics (Hardware solutions / Firmware)
Ryzen 7000 Series Processors with Radeon Graphics (Hardware solutions / Firmware)
Ryzen 6000 Series Processors with Radeon Graphics (Hardware solutions / Firmware)
Ryzen 7035 Series Processors with Radeon Graphics (Hardware solutions / Firmware)
Radeon PRO W5000 Series (Hardware solutions / Firmware)
Radeon PRO W6000 Series (Hardware solutions / Firmware)
Radeon PRO W7000 Series (Hardware solutions / Firmware)
AMD Software Adrenalin Edition (Hardware solutions / Firmware)
AMD Software PRO Edition (Hardware solutions / Firmware)
Vendor | AMD |
Security Bulletin
This security bulletin contains one low-risk vulnerability.
EUVDB-ID: #VU82434
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2023-20598
CWE-ID: CWE-782 - Exposed IOCTL with Insufficient Access Control
Exploit availability: Yes
Description
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to insufficient access control on an IOCTL exposed by the pdfwkrnl.sys driver. A local user can send a specially crafted IOCTL request and execute arbitrary code on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Radeon RX 5000 Series: All versions
Radeon RX 6000 Series: All versions
Radeon RX 7000 Series: All versions
Ryzen 7045 Series Processors with Radeon Graphics: All versions
Ryzen 7020 Series Processors with Radeon Graphics: All versions
Ryzen 7040 Series Processors with Radeon Graphics: All versions
Ryzen 7000 Series Processors with Radeon Graphics: All versions
Ryzen 6000 Series Processors with Radeon Graphics: All versions
Ryzen 7035 Series Processors with Radeon Graphics: All versions
Radeon PRO W5000 Series: All versions
Radeon PRO W6000 Series: All versions
Radeon PRO W7000 Series: All versions
AMD Software Adrenalin Edition: before 23.9.2
AMD Software PRO Edition: before 23.Q4
External links
http://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6009
http://jvn.jp/en/vu/JVNVU97149791/index.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.