Vulnerability Description
An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amd | Radeon Software | < 23.9.2 |
| Amd | Radeon Rx 5300 | - |
| Amd | Radeon Rx 5300 Xt | - |
| Amd | Radeon Rx 5300M | - |
| Amd | Radeon Rx 5500 | - |
| Amd | Radeon Rx 5500 Xt | - |
| Amd | Radeon Rx 5500M | - |
| Amd | Radeon Rx 5600 | - |
| Amd | Radeon Rx 5600 Xt | - |
| Amd | Radeon Rx 5600M | - |
| Amd | Radeon Rx 5700 | - |
| Amd | Radeon Rx 5700 Xt | - |
| Amd | Radeon Rx 5700M | - |
| Amd | Radeon Rx 6300M | - |
| Amd | Radeon Rx 6400 | - |
| Amd | Radeon Rx 6450M | - |
| Amd | Radeon Rx 6500 Xt | - |
| Amd | Radeon Rx 6500M | - |
| Amd | Radeon Rx 6550M | - |
| Amd | Radeon Rx 6550S | - |
Related Weaknesses (CWE)
References
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6009Vendor Advisory
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6009Vendor Advisory
FAQ
What is CVE-2023-20598?
CVE-2023-20598 is a vulnerability with a CVSS score of 7.8 (HIGH). An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addre...
How severe is CVE-2023-20598?
CVE-2023-20598 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-20598?
Check the references section above for vendor advisories and patch information. Affected products include: Amd Radeon Software, Amd Radeon Rx 5300, Amd Radeon Rx 5300 Xt, Amd Radeon Rx 5300M, Amd Radeon Rx 5500.