CVE-2023-20567 - Vulnerability Details

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00028.

Key SSVC decision points have not yet been added.

Vendors	Products
Amd Subscribe	Radeon Pro Vega 56 Subscribe Radeon Pro Vega 56 Firmware Subscribe Radeon Pro Vega 64 Subscribe Radeon Pro Vega 64 Firmware Subscribe Radeon Pro W5500 Subscribe Radeon Pro W5500x Subscribe Radeon Pro W5700 Subscribe Radeon Pro W5700x Subscribe Radeon Pro W6300 Subscribe Radeon Pro W6300m Subscribe Radeon Pro W6400 Subscribe Radeon Pro W6500m Subscribe Radeon Pro W6600 Subscribe Radeon Pro W6600m Subscribe Radeon Pro W6600x Subscribe Radeon Pro W6800 Subscribe Radeon Pro W6800x Subscribe Radeon Pro W6800x Duo Subscribe Radeon Pro W6900x Subscribe Radeon Pro W7500 Subscribe Radeon Pro W7600 Subscribe Radeon Pro W7800 Subscribe Radeon Rx 5300 Subscribe Radeon Rx 5300 Xt Subscribe Radeon Rx 5300m Subscribe Radeon Rx 5500 Subscribe Radeon Rx 5500 Xt Subscribe Radeon Rx 5500m Subscribe Radeon Rx 5600 Subscribe Radeon Rx 5600 Xt Subscribe Radeon Rx 5600m Subscribe Radeon Rx 5700 Subscribe Radeon Rx 5700 Xt Subscribe Radeon Rx 5700m Subscribe Radeon Rx 6300m Subscribe Radeon Rx 6400 Subscribe Radeon Rx 6450m Subscribe Radeon Rx 6500 Xt Subscribe Radeon Rx 6500m Subscribe Radeon Rx 6550m Subscribe Radeon Rx 6550s Subscribe Radeon Rx 6600 Subscribe Radeon Rx 6600 Xt Subscribe Radeon Rx 6600m Subscribe Radeon Rx 6600s Subscribe Radeon Rx 6650 Xt Subscribe Radeon Rx 6650m Subscribe Radeon Rx 6650m Xt Subscribe Radeon Rx 6700 Subscribe Radeon Rx 6700 Xt Subscribe Radeon Rx 6700m Subscribe Radeon Rx 6700s Subscribe Radeon Rx 6800 Subscribe Radeon Rx 6800 Xt Subscribe Radeon Rx 6800m Subscribe Radeon Rx 6800s Subscribe Radeon Rx 6850m Xt Subscribe Radeon Rx 6900 Xt Subscribe Radeon Rx 6950 Xt Subscribe Radeon Rx 7600 Subscribe Radeon Rx 7600m Subscribe Radeon Rx 7600m Xt Subscribe Radeon Rx 7600s Subscribe Radeon Rx 7700 Xt Subscribe Radeon Rx 7700s Subscribe Radeon Rx 7800 Xt Subscribe Radeon Rx 7900 Gre Subscribe Radeon Rx 7900 Xt Subscribe Radeon Rx 7900 Xtx Subscribe Radeon Rx 7900m Subscribe Radeon Rx Vega 56 Subscribe Radeon Rx Vega 56 Firmware Subscribe Radeon Rx Vega 64 Subscribe Radeon Rx Vega 64 Firmware Subscribe Radeon Software Subscribe Ryzen 3 3015ce Subscribe Ryzen 3 3015e Subscribe Ryzen 3 4100 Subscribe Ryzen 3 4300g Subscribe Ryzen 3 4300ge Subscribe Ryzen 3 4300u Subscribe Ryzen 3 5300g Subscribe Ryzen 3 5300ge Subscribe Ryzen 3 5300u Subscribe Ryzen 5 4500 Subscribe Ryzen 5 4500u Subscribe Ryzen 5 4600g Subscribe Ryzen 5 4600ge Subscribe Ryzen 5 4600h Subscribe Ryzen 5 4600hs Subscribe Ryzen 5 4600u Subscribe Ryzen 5 4680u Subscribe Ryzen 5 5500h Subscribe Ryzen 5 5500u Subscribe Ryzen 5 5600g Subscribe Ryzen 5 5600ge Subscribe Ryzen 5 Pro 3200g Subscribe Ryzen 5 Pro 3200ge Subscribe Ryzen 5 Pro 3350g Subscribe Ryzen 5 Pro 3350ge Subscribe Ryzen 5 Pro 3400g Subscribe Ryzen 5 Pro 3400ge Subscribe Ryzen 7 4700g Subscribe Ryzen 7 4700ge Subscribe Ryzen 7 4700u Subscribe Ryzen 7 4800h Subscribe Ryzen 7 4800hs Subscribe Ryzen 7 4980u Subscribe Ryzen 7 5700g Subscribe Ryzen 7 5700ge Subscribe Ryzen 7 5700u Subscribe Ryzen 9 4900h Subscribe Ryzen 9 4900hs Subscribe
Intel Subscribe	Core I5-8305g Subscribe Core I7-8705g Subscribe Core I7-8706g Subscribe Core I7-8709g Subscribe Nuc 8 Enthusiast Nuc8i7hnkqc Subscribe Nuc 8 Enthusiast Nuc8i7hvkva Subscribe Nuc 8 Enthusiast Nuc8i7hvkvaw Subscribe Nuc Kit Nuc8i7hnk Subscribe Nuc Kit Nuc8i7hvk Subscribe Radeon Rx Vega M Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:intel:radeon_rx_vega_m_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:core_i5-8305g:-:::::::*
	cpe:2.3:h:intel:core_i7-8705g:-:::::::*
	cpe:2.3:h:intel:core_i7-8706g:-:::::::*
	cpe:2.3:h:intel:core_i7-8709g:-:::::::*
	cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hnkqc:-:::::::*
	cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hvkva:-:::::::*
	cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hvkvaw:-:::::::*
	cpe:2.3:h:intel:nuc_kit_nuc8i7hnk:-:::::::*
	cpe:2.3:h:intel:nuc_kit_nuc8i7hvk:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:a:amd:radeon_software:*:*:*:*:adrenalin:*:*:*

OR	cpe:2.3:h:amd:radeon_rx_5300:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5300_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5300m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5500:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5500_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5500m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5600:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5600_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5600m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5700:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5700_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5700m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6300m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6400:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6450m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6500_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6500m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6550m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6550s:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6600:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6600_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6600m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6600s:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6650_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6650m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6650m_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6700:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6700_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6700m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6700s:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6800:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6800_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6800m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6800s:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6850m_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6900_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6950_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7600:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7600m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7600m_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7600s:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7700_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7700s:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7800_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7900_gre:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7900_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7900_xtx:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7900m:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:a:amd:radeon_software:*:*:*:*:pro:*:*:*

OR	cpe:2.3:h:amd:radeon_pro_w5500:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w5500x:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w5700:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w5700x:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6300:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6300m:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6400:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6500m:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6600:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6600m:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6600x:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6800:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6800x:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6800x_duo:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6900x:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w7500:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w7600:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w7800:-:::::::*

Configuration 4 [-]

AND

cpe:2.3:o:amd:radeon_rx_vega_56_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:radeon_rx_vega_56:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:amd:radeon_rx_vega_64_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:radeon_rx_vega_64:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:amd:radeon_pro_vega_56_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:radeon_pro_vega_56:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:amd:radeon_pro_vega_64_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:radeon_pro_vega_64:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

OR	cpe:2.3:a:amd:radeon_software:::::adrenalin:::*
	cpe:2.3:a:amd:radeon_software:::::pro:::*

OR	cpe:2.3:h:amd:ryzen_3_3015ce:-:::::::*
	cpe:2.3:h:amd:ryzen_3_3015e:-:::::::*
	cpe:2.3:h:amd:ryzen_3_4100:-:::::::*
	cpe:2.3:h:amd:ryzen_3_4300g:-:::::::*
	cpe:2.3:h:amd:ryzen_3_4300ge:-:::::::*
	cpe:2.3:h:amd:ryzen_3_4300u:-:::::::*
	cpe:2.3:h:amd:ryzen_3_5300g:-:::::::*
	cpe:2.3:h:amd:ryzen_3_5300ge:-:::::::*
	cpe:2.3:h:amd:ryzen_3_5300u:-:::::::*
	cpe:2.3:h:amd:ryzen_5_4500:-:::::::*
	cpe:2.3:h:amd:ryzen_5_4500u:-:::::::*
	cpe:2.3:h:amd:ryzen_5_4600g:-:::::::*
	cpe:2.3:h:amd:ryzen_5_4600ge:-:::::::*
	cpe:2.3:h:amd:ryzen_5_4600h:-:::::::*
	cpe:2.3:h:amd:ryzen_5_4600hs:-:::::::*
	cpe:2.3:h:amd:ryzen_5_4600u:-:::::::*
	cpe:2.3:h:amd:ryzen_5_4680u:-:::::::*
	cpe:2.3:h:amd:ryzen_5_5500h:-:::::::*
	cpe:2.3:h:amd:ryzen_5_5500u:-:::::::*
	cpe:2.3:h:amd:ryzen_5_5600g:-:::::::*
	cpe:2.3:h:amd:ryzen_5_5600ge:-:::::::*
	cpe:2.3:h:amd:ryzen_5_pro_3200g:-:::::::*
	cpe:2.3:h:amd:ryzen_5_pro_3200ge:-:::::::*
	cpe:2.3:h:amd:ryzen_5_pro_3350g:-:::::::*
	cpe:2.3:h:amd:ryzen_5_pro_3350ge:-:::::::*
	cpe:2.3:h:amd:ryzen_5_pro_3400g:-:::::::*
	cpe:2.3:h:amd:ryzen_5_pro_3400ge:-:::::::*
	cpe:2.3:h:amd:ryzen_7_4700g:-:::::::*
	cpe:2.3:h:amd:ryzen_7_4700ge:-:::::::*
	cpe:2.3:h:amd:ryzen_7_4700u:-:::::::*
	cpe:2.3:h:amd:ryzen_7_4800h:-:::::::*
	cpe:2.3:h:amd:ryzen_7_4800hs:-:::::::*
	cpe:2.3:h:amd:ryzen_7_4980u:-:::::::*
	cpe:2.3:h:amd:ryzen_7_5700g:-:::::::*
	cpe:2.3:h:amd:ryzen_7_5700ge:-:::::::*
	cpe:2.3:h:amd:ryzen_7_5700u:-:::::::*
	cpe:2.3:h:amd:ryzen_9_4900h:-:::::::*
	cpe:2.3:h:amd:ryzen_9_4900hs:-:::::::*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-24746	Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html

History

Thu, 13 Feb 2025 16:45:00 +0000

Type	Values Removed	Values Added
Description	Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.	Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2023-11-14T18:51:25.340Z

Updated: 2025-02-13T16:39:47.219Z

Reserved: 2022-10-27T18:53:39.753Z

Link: CVE-2023-20567

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-14T19:15:15.880

Modified: 2025-02-13T17:16:01.443

Link: CVE-2023-20567

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-347

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Projects

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object