AMD Warns of High-Risk Vulnerability in Graphics Drivers

The processor manufacturer AMD has disclosed a high-risk security vulnerability affecting certain graphics drivers for Radeon graphics chips.  The vulnerability tracked as CVE-2023-20598, impacts both integrated GPUs in AMD processors and dedicated Radeon GPUs used in graphics cards.

According to AMD's advisory, the vulnerability is caused by improper access control in the AMD Radeon kernel driver. This could allow an attacker to gain elevated privileges and execute arbitrary code if they can authenticate locally on an affected system.

The vulnerable drivers affect Radeon GPUs in the RX 5000, 6000 and 7000 series. AMD has released patched drivers, including Radeon Software Adrenalin version 23.9.2. Patches for AMD Ryzen chips with integrated GPUs are also available in the latest drivers.

The list of affected processors is a bit confusing, but AMD Ryzen of the 6000 series as well as the 7000 series with integrated GPU are vulnerable.

According to AMD's advisory, Ryzen 6000 and 7000 series processors are affected, as well as Ryzen 7020, 7035, 7040 and 7045 models. AMD is urging users to update to the latest patched drivers as soon as possible to mitigate the risk.

While AMD chips have suffered side-channel attacks in the past, vulnerabilities in graphics drivers are less common. The disclosure serves as an important reminder to keep GPU drivers up-to-date to prevent potential local privilege escalation. AMD has provided patches, but users should apply them promptly given the high severity.