AMD Warns of High-Risk Vulnerability in Graphics Drivers

AMD Ryzen Vulnerability

The processor manufacturer AMD has disclosed a high-risk security vulnerability affecting certain graphics drivers for Radeon graphics chips.  The vulnerability tracked as CVE-2023-20598, impacts both integrated GPUs in AMD processors and dedicated Radeon GPUs used in graphics cards.

According to AMD's advisory, the vulnerability is caused by improper access control in the AMD Radeon kernel driver. This could allow an attacker to gain elevated privileges and execute arbitrary code if they can authenticate locally on an affected system.

The vulnerable drivers affect Radeon GPUs in the RX 5000, 6000 and 7000 series. AMD has released patched drivers, including Radeon Software Adrenalin version 23.9.2. Patches for AMD Ryzen chips with integrated GPUs are also available in the latest drivers.

The list of affected processors is a bit confusing, but AMD Ryzen of the 6000 series as well as the 7000 series with integrated GPU are vulnerable.

Types Platform Release Version
Graphics Cards AMD Radeon™ RX 5000 Series Graphics Cards
AMD Radeon™ RX 6000 Series Graphics Cards
AMD Radeon™ RX 7000 Series Graphics Cards
AMD Software: Adrenalin Edition 23.9.2
(23.20.11.01)
(2023-09-19)
AMD Radeon™ PRO W5000 Series Graphics Cards
AMD Radeon™ PRO W6000 Series Graphics Cards
AMD Radeon™ PRO W7000 Series Graphics Cards
AMD Software: PRO Edition 23.Q4
(23.30.xx)
(Target Nov 2023)
Client Processors AMD Ryzen™ 7045 Series Processors with Radeon™ Graphics
AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics
AMD Software: Adrenalin Edition 23.9.2
(23.20.11.01)
(2023-09-19)
AMD Ryzen™ 7000 Series Processors with Radeon™ Graphics
AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMD Software: PRO Edition 23.Q4
(23.30.xx)
(Target Nov 2023)

According to AMD's advisory, Ryzen 6000 and 7000 series processors are affected, as well as Ryzen 7020, 7035, 7040 and 7045 models. AMD is urging users to update to the latest patched drivers as soon as possible to mitigate the risk.

While AMD chips have suffered side-channel attacks in the past, vulnerabilities in graphics drivers are less common. The disclosure serves as an important reminder to keep GPU drivers up-to-date to prevent potential local privilege escalation. AMD has provided patches, but users should apply them promptly given the high severity.

Read Also
Post a Comment