CVE-2023-20598

7.8HIGH

Key Information

Vendor: Amd
Status: Radeon™ Rx 5000 Series Graphics Cards; Radeon™ Rx 6000 Series Graphics Cards; Radeon™ Rx 7000 Series Graphics Cards; Radeon™ Pro W5000 Series Graphics Cards
Vendor: CVE Published:; 17 October 2023

Badges

👾 Exploit Exists🔴 Public PoC

Summary

An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.

Affected Version(s)

Radeon™ RX 5000 Series Graphics Cards <= various

Radeon™ RX 6000 Series Graphics Cards <= various

Radeon™ RX 7000 Series Graphics Cards <= various

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-20598-PDFWKRNL
Created by H4rk3nz0

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Jun 28, 2024
Vulnerability published.
Oct 17, 2023
Vulnerability Reserved.
Oct 27, 2022

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)