#VU96631 Input validation error in AMD products - CVE-2023-20509
Published: August 30, 2024
Vulnerability identifier: #VU96631
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-20509
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
AMD Radeon PRO V520
AMD Radeon PRO V620
AMD Instinct MI200
Radeon RX 6000 Series
Radeon PRO W6000 Series
Radeon RX 7000 Series
Radeon PRO W7000 Series
AMD Radeon PRO V520
AMD Radeon PRO V620
AMD Instinct MI200
Radeon RX 6000 Series
Radeon PRO W6000 Series
Radeon RX 7000 Series
Radeon PRO W7000 Series
Software vendor:
AMD
AMD
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of DRAM addresses in PMFW. A local user can perform a DMA read from an invalid DRAM address to SRAM and escalate privileges on the system.
Remediation
Install updates from vendor's website.