CVE-2023-20568

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AMDCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
intelradeon_rx_vega_m_firmware
𝑥
< 23.10.01.46
amdradeon_software
𝑥
< 23.7.1
amdradeon_software
𝑥
< 23.q3
amdradeon_rx_vega_56_firmware
-
amdradeon_rx_vega_64_firmware
-
amdradeon_pro_vega_56_firmware
-
amdradeon_pro_vega_64_firmware
-
amdradeon_software
𝑥
< 23.7.1
amdradeon_software
𝑥
< 23.q3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html