CVE-2023-20598
published 2023-10-17CVE-2023-20598: An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over…
PriorityP277high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
0.46%
36.5th percentile
An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| amd | radeon_pro_w5000_series_graphics_cards | — | — |
| amd | radeon_pro_w6000_series_graphics_cards | — | — |
| amd | radeon_pro_w7000_series_graphics_cards | — | — |
| amd | radeon_rx_5000_series_graphics_cards | — | — |
| amd | radeon_rx_6000_series_graphics_cards | — | — |
| amd | radeon_rx_7000_series_graphics_cards | — | — |
| amd | radeon_software | < 23.9.2 | 23.9.2 |
| amd | radeon_software | < 23.q4 | 23.q4 |
| amd | ryzen_6000_series_processors_with_radeon_graphics | — | — |
| amd | ryzen_7000_series_processors_with_radeon_graphics | — | — |
| amd | ryzen_7020_series_processors_with_radeon_graphics | — | — |
| amd | ryzen_7035_series_processors_with_radeon_graphics | — | — |
| amd | ryzen_7040_series_processors_with_radeon_graphics | — | — |
| amd | ryzen_7045_series_processors_with_radeon_graphics | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for low-privileged processes sending IOCTL requests to pdfwkrnl.sys (AMD Radeon firmware update kernel driver) — exploitation occurs during the window when the firmware update utility exposes its IOCTL interface ↗
- →Alert on non-administrator/low-privileged processes interacting with the AMD Radeon firmware update utility (pdfwkrnl.sys) via IOCTL, as the vulnerability allows a low-privileged user to exploit the driver while a privileged user is running the update tool ↗
- →Audit IOCTL calls targeting arbitrary hardware ports or physical addresses originating from non-privileged user-mode processes, which is the exploitation primitive for this CVE ↗
- ·Red Hat Enterprise Linux kernels (versions 6, 7, 8, and 9) are confirmed NOT affected; this vulnerability is specific to the Windows AMD Radeon Graphics driver (pdfwkrnl.sys) ↗
- ·The vulnerable driver is only loaded/active during execution of the AMD Radeon Software (Adrenalin Edition and PRO Edition) firmware update utility; detection windows are limited to that operational period ↗
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck7.8HIGH
vendor_redhat7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-cjgx-jx6j-cmg7: An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control
ghsa_unreviewed·2023-10-17
CVE-2023-20598 [HIGH] CWE-269 GHSA-cjgx-jx6j-cmg7: An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control
An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.
VulnCheck
AMD Radeon Graphics Driver IOCTL Request Vulnerability
vulncheck·2023·CVSS 7.8
CVE-2023-20598 [HIGH] AMD Radeon Graphics Driver IOCTL Request Vulnerability
AMD Radeon Graphics Driver IOCTL Request Vulnerability
An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.
Affected: amd radeon_software
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://ptsecurity.com/ru-ru/research/analytics/russia-cyberthreat-landscape-2026/#id11
Exploit PoC: https://vulncheck.com/xdb/ee95d884b8b5
Red Hat
hw: amd: AMD Radeon Graphics Kernel Driver Privilege Management Vulnerability
vendor_redhat·2023-10-16·CVSS 7.8
CVE-2023-20598 [HIGH] hw: amd: AMD Radeon Graphics Kernel Driver Privilege Management Vulnerability
hw: amd: AMD Radeon Graphics Kernel Driver Privilege Management Vulnerability
An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.
An improper privilege management flaw was found in the AMD RadeonTM Graphics driver. This issue may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses, resulting in potential arbitrary code execution.
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
No detection rules found.
No public exploits indexed.
2023-10-17
Published
Exploited in the wild