Security Bulletin
This security bulletin contains one low-risk vulnerability.
EUVDB-ID: #VU82434
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2023-20598
CWE-ID: CWE-782 - Exposed IOCTL with Insufficient Access Control
Exploit availability: Yes
Description
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to insufficient access control in the IOCTL within the pdfwkrnl.sys driver. A local user can send a specially crafted IOCTL request and execute arbitrary code on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
ThinkStation P358 Workstation: All versions
ThinkStation P620 Workstation: All versions
ThinkStation P360 Ultra Workstation: All versions
ThinkStation P7 Intel Workstation: All versions
ThinkStation P5 Workstation: All versions
ThinkStation P920 Workstation: All versions
ThinkStation P720 Workstation: All versions
ThinkStation P520c Workstation: All versions
ThinkStation P520 Workstation: All versions
ThinkStation P360 Workstation: All versions
ThinkStation P350 Workstation: All versions
ThinkStation P348 Workstation: All versions
ThinkStation P3 Tower Workstation: All versions
ThinkStation P340 Workstation: All versions
AMD Graphic Driver for WX3200 for Windows 10 (Version 22H2), 11 (Version 22H2 or Later) - ThinkStation P920, P720, P520, P520c: before 31.0.21912.14 FOR WX3200
AMD Discrete Graphics Legacy Driver for Windows 10-64-bit (Version 1909) - ThinkStation P520, P520c, P720, P920: before 31.0.21912.14 FOR WX3200
AMD Discrete Graphics Driver for Windows 10 RS4 (64-bit) - ThinkStation P520, P520c, P720, P920: before 31.0.21912.14 FOR WX3200
AMD Discrete Graphics Driver for Windows 10 (Version 20H2) - ThinkStation P920, P720, P520, P520c: before 31.0.21912.14 FOR WX3200
AMD Discrete Graphics Driver for Windows 10 (Version 2004) - ThinkStation P520, P520c, P720, P920: before 31.0.21912.14 FOR WX3200
AMD Discrete Graphic Driver for Windows 10 (Version 21H2), 11 (Version 21H2 or later) - ThinkStation P520, P520c, P720, P920: before 31.0.21912.14 FOR WX3200
AMD Discrete Graphics Driver for Windows 10 (Version 22H2) - ThinkStation P360: before 31.0.14037.18001
AMD Discrete Graphics Driver (Radeon W6400) for Windows 10 (Version 20H2, 21H1, 21H2) - ThinkStation P360: before 31.0.14037.18001
AMD Discrete Graphics Driver for Windows 11 (Version 21H2), 10 (Version 21H2) - ThinkStation P360 Ultra: before 31.0.24026.3002 FOR W6400 AND 31.0.21912.14 FOR WX3200
AMD Discrete Graphics Driver for Windows 10 IOT - ThinkStation P360 Ultra: before 31.0.24026.3002 FOR W6400 AND 31.0.21912.14 FOR WX3200
AMD Discrete Graphics Driver For W6400 for Windows 10 (Version 21H2) - ThinkStation P360 Ultra: before 31.0.24026.3002
AMD Discrete Driver for Windows 11 (Version 21H2), 10 (Version 21H2) - ThinkStation P358: before 31.0.24026.3002
AMD Discrete VGA Driver for Windows 10 64-bit (Version 20H2) - ThinkStation P348: before 31.0.21916.4001
AMD Discrete Graphics Driver for Windows 11 (Version 21H2 or Later) - ThinkStation P348: before 31.0.21916.4001
AMD Discrete Graphics Driver for Windows 10 (Version 21H2) - ThinkStation P348: before 31.0.21916.4001
AMD Discrete Graphics Driver for Windows 10 (Version 21H2, 22H2), 11 (Version 21H2, 22H2, 23H2) - ThinkStation P3: before 31.0.14037.18001
AMD Discrete Graphics Driver for Windows 10 (Version 21H1), 11 (Version 21H2 or Later) - ThinkStation P350: before 31.0.21916.4001
AMD Discrete Graphics Driver (Radeon W6400) for Windows 10 (Version 21H2), 11 (Version 21H2) - ThinkStation P348: before 30.0.14014.3001
AMD Discrete Graphics Driver for Windows 11 (Version 21H2 or Later) - ThinkStation P340: before 31.0.21916.4001
AMD Discrete Graphics Driver for Windows 10 (Version 21H2) - ThinkStation P340: before 31.0.21916.4001
AMD Discrete Graphics Driver for Windows 10 (Version 21H2), 11 (Version 21H2, 22H2) - ThinkStation P7 Intel: before 32.0.11002.41
AMD Discrete VGA Driver for Windows 11 (Version 22H2) - ThinkStation P620: before 31.0.24026.3002
AMD Discrete Graphics Driver for Windows 10 (Version 21H2), 11 (Version 21H2, 22H2) - ThinkStation P5: before 32.0.11002.41
AMD Discrete Graphics Driver for W6400 for Windows 10 (Version 21H2, 22H2 or Later) - ThinkStation P360 Ultra: before 31.0.24026.3002 FOR W6400 AND 31.0.21912.14 FOR WX3200
AMD Discrete Graphics Driver for Windows 11 (Version 22H2 or Later), 10 (Version 22H2) - ThinkStation P358: before 31.0.24026.3002
AMD Discrete VGA Driver for Windows 10 64-bit (Version 20H2) - ThinkStation P350: before 31.0.21916.4001
AMD Discrete VGA Driver for Windows 10 64-bit (Version 20H2) - ThinkStation P340: before 31.0.21916.4001
AMD Discrete VGA Driver for Windows 10 64-bit (Version 2004) - ThinkStation P340: before 31.0.21916.4001
https://support.lenovo.com/us/en/product_security/LEN-142133
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.