CVE-2023-20567 - Vulnerability Details

Description

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.

Published: 2023-11-14

Score: 6.7 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

AMD

Radeon™ RX 5000/6000/7000 Series Graphics Cards

unaffected

Version	Status	Constraints
`various`	affected	—

AMD

Radeon™ PRO W5000/W6000/W7000 Series Graphics Cards

unaffected

Version	Status	Constraints
`various`	affected	—

AMD

Radeon™ RX Vega Series Graphics Cards

unaffected

Version	Status	Constraints
`various`	affected	—

AMD

Radeon™ PRO WX Vega Series Graphics Cards

unaffected

Version	Status	Constraints
`various`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:intel:radeon_rx_vega_m_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:core_i5-8305g:-:::::::*
	cpe:2.3:h:intel:core_i7-8705g:-:::::::*
	cpe:2.3:h:intel:core_i7-8706g:-:::::::*
	cpe:2.3:h:intel:core_i7-8709g:-:::::::*
	cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hnkqc:-:::::::*
	cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hvkva:-:::::::*
	cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hvkvaw:-:::::::*
	cpe:2.3:h:intel:nuc_kit_nuc8i7hnk:-:::::::*
	cpe:2.3:h:intel:nuc_kit_nuc8i7hvk:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:a:amd:radeon_software:*:*:*:*:adrenalin:*:*:*

OR	cpe:2.3:h:amd:radeon_rx_5300:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5300_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5300m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5500:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5500_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5500m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5600:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5600_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5600m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5700:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5700_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_5700m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6300m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6400:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6450m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6500_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6500m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6550m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6550s:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6600:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6600_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6600m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6600s:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6650_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6650m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6650m_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6700:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6700_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6700m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6700s:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6800:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6800_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6800m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6800s:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6850m_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6900_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_6950_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7600:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7600m:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7600m_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7600s:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7700_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7700s:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7800_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7900_gre:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7900_xt:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7900_xtx:-:::::::*
	cpe:2.3:h:amd:radeon_rx_7900m:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:a:amd:radeon_software:*:*:*:*:pro:*:*:*

OR	cpe:2.3:h:amd:radeon_pro_w5500:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w5500x:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w5700:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w5700x:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6300:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6300m:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6400:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6500m:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6600:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6600m:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6600x:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6800:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6800x:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6800x_duo:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w6900x:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w7500:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w7600:-:::::::*
	cpe:2.3:h:amd:radeon_pro_w7800:-:::::::*

Configuration 4 [-]

AND

cpe:2.3:o:amd:radeon_rx_vega_56_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:radeon_rx_vega_56:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:amd:radeon_rx_vega_64_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:radeon_rx_vega_64:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:amd:radeon_pro_vega_56_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:radeon_pro_vega_56:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:amd:radeon_pro_vega_64_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:radeon_pro_vega_64:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

OR	cpe:2.3:a:amd:radeon_software:::::adrenalin:::*
	cpe:2.3:a:amd:radeon_software:::::pro:::*

OR	cpe:2.3:h:amd:ryzen_3_3015ce:-:::::::*
	cpe:2.3:h:amd:ryzen_3_3015e:-:::::::*
	cpe:2.3:h:amd:ryzen_3_4100:-:::::::*
	cpe:2.3:h:amd:ryzen_3_4300g:-:::::::*
	cpe:2.3:h:amd:ryzen_3_4300ge:-:::::::*
	cpe:2.3:h:amd:ryzen_3_4300u:-:::::::*
	cpe:2.3:h:amd:ryzen_3_5300g:-:::::::*
	cpe:2.3:h:amd:ryzen_3_5300ge:-:::::::*
	cpe:2.3:h:amd:ryzen_3_5300u:-:::::::*
	cpe:2.3:h:amd:ryzen_5_4500:-:::::::*
	cpe:2.3:h:amd:ryzen_5_4500u:-:::::::*
	cpe:2.3:h:amd:ryzen_5_4600g:-:::::::*
	cpe:2.3:h:amd:ryzen_5_4600ge:-:::::::*
	cpe:2.3:h:amd:ryzen_5_4600h:-:::::::*
	cpe:2.3:h:amd:ryzen_5_4600hs:-:::::::*
	cpe:2.3:h:amd:ryzen_5_4600u:-:::::::*
	cpe:2.3:h:amd:ryzen_5_4680u:-:::::::*
	cpe:2.3:h:amd:ryzen_5_5500h:-:::::::*
	cpe:2.3:h:amd:ryzen_5_5500u:-:::::::*
	cpe:2.3:h:amd:ryzen_5_5600g:-:::::::*
	cpe:2.3:h:amd:ryzen_5_5600ge:-:::::::*
	cpe:2.3:h:amd:ryzen_5_pro_3200g:-:::::::*
	cpe:2.3:h:amd:ryzen_5_pro_3200ge:-:::::::*
	cpe:2.3:h:amd:ryzen_5_pro_3350g:-:::::::*
	cpe:2.3:h:amd:ryzen_5_pro_3350ge:-:::::::*
	cpe:2.3:h:amd:ryzen_5_pro_3400g:-:::::::*
	cpe:2.3:h:amd:ryzen_5_pro_3400ge:-:::::::*
	cpe:2.3:h:amd:ryzen_7_4700g:-:::::::*
	cpe:2.3:h:amd:ryzen_7_4700ge:-:::::::*
	cpe:2.3:h:amd:ryzen_7_4700u:-:::::::*
	cpe:2.3:h:amd:ryzen_7_4800h:-:::::::*
	cpe:2.3:h:amd:ryzen_7_4800hs:-:::::::*
	cpe:2.3:h:amd:ryzen_7_4980u:-:::::::*
	cpe:2.3:h:amd:ryzen_7_5700g:-:::::::*
	cpe:2.3:h:amd:ryzen_7_5700ge:-:::::::*
	cpe:2.3:h:amd:ryzen_7_5700u:-:::::::*
	cpe:2.3:h:amd:ryzen_9_4900h:-:::::::*
	cpe:2.3:h:amd:ryzen_9_4900hs:-:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-24746	Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00029.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html

History

Thu, 13 Feb 2025 16:45:00 +0000

Type	Values Removed	Values Added
Description	Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.	Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.

Subscriptions

Amd Radeon Pro Vega 56 Radeon Pro Vega 56 Firmware Radeon Pro Vega 64 Radeon Pro Vega 64 Firmware Radeon Pro W5500 Radeon Pro W5500x Radeon Pro W5700 Radeon Pro W5700x Radeon Pro W6300 Radeon Pro W6300m Radeon Pro W6400 Radeon Pro W6500m Radeon Pro W6600 Radeon Pro W6600m Radeon Pro W6600x Radeon Pro W6800 Radeon Pro W6800x Radeon Pro W6800x Duo Radeon Pro W6900x Radeon Pro W7500 Radeon Pro W7600 Radeon Pro W7800 Radeon Rx 5300 Radeon Rx 5300 Xt Radeon Rx 5300m Radeon Rx 5500 Radeon Rx 5500 Xt Radeon Rx 5500m Radeon Rx 5600 Radeon Rx 5600 Xt Radeon Rx 5600m Radeon Rx 5700 Radeon Rx 5700 Xt Radeon Rx 5700m Radeon Rx 6300m Radeon Rx 6400 Radeon Rx 6450m Radeon Rx 6500 Xt Radeon Rx 6500m Radeon Rx 6550m Radeon Rx 6550s Radeon Rx 6600 Radeon Rx 6600 Xt Radeon Rx 6600m Radeon Rx 6600s Radeon Rx 6650 Xt Radeon Rx 6650m Radeon Rx 6650m Xt Radeon Rx 6700 Radeon Rx 6700 Xt Radeon Rx 6700m Radeon Rx 6700s Radeon Rx 6800 Radeon Rx 6800 Xt Radeon Rx 6800m Radeon Rx 6800s Radeon Rx 6850m Xt Radeon Rx 6900 Xt Radeon Rx 6950 Xt Radeon Rx 7600 Radeon Rx 7600m Radeon Rx 7600m Xt Radeon Rx 7600s Radeon Rx 7700 Xt Radeon Rx 7700s Radeon Rx 7800 Xt Radeon Rx 7900 Gre Radeon Rx 7900 Xt Radeon Rx 7900 Xtx Radeon Rx 7900m Radeon Rx Vega 56 Radeon Rx Vega 56 Firmware Radeon Rx Vega 64 Radeon Rx Vega 64 Firmware Radeon Software Ryzen 3 3015ce Ryzen 3 3015e Ryzen 3 4100 Ryzen 3 4300g Ryzen 3 4300ge Ryzen 3 4300u Ryzen 3 5300g Ryzen 3 5300ge Ryzen 3 5300u Ryzen 5 4500 Ryzen 5 4500u Ryzen 5 4600g Ryzen 5 4600ge Ryzen 5 4600h Ryzen 5 4600hs Ryzen 5 4600u Ryzen 5 4680u Ryzen 5 5500h Ryzen 5 5500u Ryzen 5 5600g Ryzen 5 5600ge Ryzen 5 Pro 3200g Ryzen 5 Pro 3200ge Ryzen 5 Pro 3350g Ryzen 5 Pro 3350ge Ryzen 5 Pro 3400g Ryzen 5 Pro 3400ge Ryzen 7 4700g Ryzen 7 4700ge Ryzen 7 4700u Ryzen 7 4800h Ryzen 7 4800hs Ryzen 7 4980u Ryzen 7 5700g Ryzen 7 5700ge Ryzen 7 5700u Ryzen 9 4900h Ryzen 9 4900hs

Intel Core I5-8305g Core I7-8705g Core I7-8706g Core I7-8709g Nuc 8 Enthusiast Nuc8i7hnkqc Nuc 8 Enthusiast Nuc8i7hvkva Nuc 8 Enthusiast Nuc8i7hvkvaw Nuc Kit Nuc8i7hnk Nuc Kit Nuc8i7hvk Radeon Rx Vega M Firmware

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2023-11-14T18:51:25.340Z

Updated: 2025-02-13T16:39:47.219Z

Reserved: 2022-10-27T18:53:39.753Z

Link: CVE-2023-20567

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-14T19:15:15.880

Modified: 2025-02-13T17:16:01.443

Link: CVE-2023-20567

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-347

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object