CVE-2023-20568

CWE-3473 documents3 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 91.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Radeon Software Intel Radeon RX Vega M Firmware AMD Radeon™ PRO W5000/w6000/w7000 Series Graphics Cards +3 more

Timeline

PublishedNov 14

Description

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5amd/radeon™_rx_vega_series_graphics_cardsvarious

▶CVEListV5amd/radeon™_pro_wx_vega_series_graphics_cardsvarious

▶NVDintel/radeon_rx_vega_m_firmware< 23.10.01.46

▶CVEListV5amd/radeon™_rx_5000/6000/7000_series_graphics_cardsvarious

▶CVEListV5amd/radeon™_pro_w5000/w6000/w7000_series_graphics_cardsvarious

🔴Vulnerability Details

CVEList

CVE-2023-20568: Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstalle↗2023-11-14

▶

GHSA

GHSA-cqgf-g3qq-hhxw: Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstalle↗2023-11-14

▶