CVE-2023-20567

EUVD-2023-24746
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
intelradeon_rx_vega_m_firmware
𝑥
< 23.10.01.46
amdradeon_software
𝑥
< 23.7.1
amdradeon_software
𝑥
< 23.q3
amdradeon_rx_vega_56_firmware
-
amdradeon_rx_vega_64_firmware
-
amdradeon_pro_vega_56_firmware
-
amdradeon_pro_vega_64_firmware
-
amdradeon_software
𝑥
< 23.7.1
amdradeon_software
𝑥
< 23.q3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html