JVNVU#97149791
Advanced Micro Devices Windows kernel drivers vulnerable to insufficient access control on its IOCTL
Overview
Multiple Windows kernel drivers provided by Advanced Micro Devices Inc. are vulnerable to insufficient access control on its IOCTL.
Products Affected
- AMD Software Adrenalin Edition versions prior to 23.9.2 included in the following products
- Graphics Cards
- AMD Radeon(tm) RX 5000 Series Graphics Cards
- AMD Radeon(tm) RX 6000 Series Graphics Cards
- AMD Radeon(tm) RX 7000 Series Graphics Cards
- Client Processors
- AMD Ryzen(tm) 7045 Series Processors with Radeon(tm) Graphics
- AMD Ryzen(tm) 7020 Series Processors with Radeon(tm) Graphics
- AMD Ryzen(tm) 7040 Series Processors with Radeon(tm) Graphics
- AMD Ryzen(tm) 7000 Series Processors with Radeon(tm) Graphics
- AMD Ryzen(tm) 6000 Series Processors with Radeon(tm) Graphics
- AMD Ryzen(tm) 7035 Series Processors with Radeon(tm) Graphics
- Graphics Cards
- AMD Software PRO Edition versions prior to 23.Q4 included in the following products
- Graphics Cards
- AMD Radeon(tm) PRO W5000 Series Graphics Cards
- AMD Radeon(tm) PRO W6000 Series Graphics Cards
- AMD Radeon(tm) PRO W7000 Series Graphics Cards
- Client Processors
- AMD Ryzen(tm) 7045 Series Processors with Radeon(tm) Graphics
- AMD Ryzen(tm) 7020 Series Processors with Radeon(tm) Graphics
- AMD Ryzen(tm) 7040 Series Processors with Radeon(tm) Graphics
- AMD Ryzen(tm) 7000 Series Processors with Radeon(tm) Graphics
- AMD Ryzen(tm) 6000 Series Processors with Radeon(tm) Graphics
- AMD Ryzen(tm) 7035 Series Processors with Radeon(tm) Graphics
- Graphics Cards
Description
Multiple Windows kernel drivers provided by Advanced Micro Devices Inc. are vulnerable to insufficient access control on its IOCTL (CWE-782, CVE-2023-20598).
Impact
By sending a specific IOCTL request, an attacker without the system privilege for the product may perform input/output to any hardware ports or physical/virtual addresses. As a result, the firmware may be deleted or altered, and/or a privilege escalation may be caused.
Solution
Update the Device Driver
Update the device driver to the latest version according to the information provided by the developer.
Vendor Status
Vendor | Link |
Advanced Micro Devices Inc. | AMD Radeon(tm) Graphics Kernel Driver Privilege Management Vulnerability |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
---|---|---|---|---|
Attack Complexity(AC) | High (H) | Low (L) | ||
Privileges Required(PR) | High (H) | Low (L) | None (N) | |
User Interaction(UI) | Required (R) | None (N) | ||
Scope(S) | Unchanged (U) | Changed (C) | ||
Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
Integrity Impact(I) | None (N) | Low (L) | High (H) | |
Availability Impact(A) | None (N) | Low (L) | High (H) |
Credit
Takahiro Haruyama of VMware reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.