Improper Privilege Management in AMD Radeon™ Graphics Driver
CVE-2023-20598

7.8HIGH

Key Information:

Vendor: Amd
Status: Radeon™ Rx 5000 Series Graphics Cards; Radeon™ Rx 6000 Series Graphics Cards; Radeon™ Rx 7000 Series Graphics Cards; Radeon™ Pro W5000 Series Graphics Cards
Vendor: CVE Published:; 17 October 2023

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The AMD Radeon™ Graphics Driver contains an improper privilege management flaw. This vulnerability allows a specially authenticated attacker to craft an IOCTL request that can gain unauthorized access to I/O control of arbitrary hardware ports or physical addresses. This situation could potentially lead to arbitrary code execution, posing significant risks to system integrity and security.

Affected Version(s)

Ryzen™ 7020 Series Processors with Radeon™ Graphics Windows various

Radeon™ PRO W5000 Series Graphics Cards Windows Various

Radeon™ PRO W6000 Series Graphics Cards Windows various

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-20598-PDFWKRNL
Created by H4rk3nz0

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Jun 12, 2024
👾
Exploit known to exist
Jun 12, 2024
Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Oct 27, 2022