CVE-2023-20567

CWE-3475 documents4 sources
Severity
6.7MEDIUM
EPSS
0.0%
top 91.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
AMD Radeon SoftwareIntel Radeon RX Vega M FirmwareAMD Radeon™ PRO W5000/w6000/w7000 Series Graphics Cards+3 more
Timeline
PublishedNov 14
Latest updateMar 21

Description

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages6 packages

🔴Vulnerability Details

4
OSV
linux-aws vulnerabilities2024-03-21
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2024-03-18
CVEList
CVE-2023-20567: Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareIns2023-11-14
GHSA
GHSA-x8xw-jc3c-cx53: Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareIns2023-11-14
CVE-2023-20567 (MEDIUM CVSS 6.7) | Improper signature verification of | cvebase.io