[Japanese] | |
JVNDB-2023-004294 | |
Advanced Micro Devices Windows kernel drivers vulnerable to insufficient access control on its IOCTL | |
Overview | |
Multiple Windows kernel drivers provided by Advanced Micro Devices Inc. are vulnerable to insufficient access control on its IOCTL (CWE-782, CVE-2023-20598). | |
CVSS Severity (What is CVSS?) | |
CVSS V3 Severity:
Base Metrics 5.5 (Medium) [Other]
| |
Affected Products | |
| |
Advanced Micro Devices (AMD) | |
[1] - Graphics Cards * AMD Radeon(tm) RX 5000 Series Graphics Cards * AMD Radeon(tm) RX 6000 Series Graphics Cards * AMD Radeon(tm) RX 7000 Series Graphics Cards - Client Processors * AMD Ryzen(tm) 7045 Series Processors with Radeon(tm) Graphics * AMD Ryzen(tm) 7020 Series Processors with Radeon(tm) Graphics * AMD Ryzen(tm) 7040 Series Processors with Radeon(tm) Graphics * AMD Ryzen(tm) 7000 Series Processors with Radeon(tm) Graphics * AMD Ryzen(tm) 6000 Series Processors with Radeon(tm) Graphics * AMD Ryzen(tm) 7035 Series Processors with Radeon(tm) Graphics [2] - Graphics Cards * AMD Radeon(tm) PRO W5000 Series Graphics Cards * AMD Radeon(tm) PRO W6000 Series Graphics Cards * AMD Radeon(tm) PRO W7000 Series Graphics Cards - Client Processors * AMD Ryzen(tm) 7045 Series Processors with Radeon(tm) Graphics * AMD Ryzen(tm) 7020 Series Processors with Radeon(tm) Graphics * AMD Ryzen(tm) 7040 Series Processors with Radeon(tm) Graphics * AMD Ryzen(tm) 7000 Series Processors with Radeon(tm) Graphics * AMD Ryzen(tm) 6000 Series Processors with Radeon(tm) Graphics * AMD Ryzen(tm) 7035 Series Processors with Radeon(tm) Graphics | |
Impact | |
By sending a specific IOCTL request, an attacker without the system privilege for the product may perform input/output to any hardware ports or physical/virtual addresses. As a result, the firmware may be deleted or altered, and/or a privilege escalation may be caused. | |
Solution | |
[Update the Device Driver] | |
Vendor Information | |
Advanced Micro Devices (AMD) | |
CWE (What is CWE?) | |
| |
CVE (What is CVE?) | |
| |
References | |
| |
Revision History | |
|
Date Public | 2023/10/26 |
Date First Published | 2023/10/27 |
Date Last Updated | 2024/05/20 |