Vulnerability in Amd Radeon™ Pro W5000 Series Graphics Cards
CVE-2023-20598
An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary…
EPSS: 0.020 (83.9th percentile) — read the EPSS interpretation.
Affected products
- Amd Radeon™ Pro W5000 Series Graphics Cards — versions Various
- Amd Radeon™ Pro W6000 Series Graphics Cards — versions various
- Amd Radeon™ Pro W7000 Series Graphics Cards — versions various
- Amd Radeon™ Rx 5000 Series Graphics Cards — versions various
- Amd Radeon™ Rx 6000 Series Graphics Cards — versions various
- Amd Radeon™ Rx 7000 Series Graphics Cards — versions various
- Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics — versions various
- Amd Ryzen™ 7000 Series Processors With Radeon™ Graphics — versions various
- Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics — versions various
- Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics — versions various
Public proof-of-concept exploits
References
- www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6009 (vendor-advisory)
Frequently asked questions
- What is CVE-2023-20598?
- CVE-2023-20598 is a vulnerability in Amd Radeon™ Pro W5000 Series Graphics Cards. Published 2023-10-17.
- Is CVE-2023-20598 known to be exploited?
- 13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.