6.7
MEDIUM
CVE-2023-20568
"AMD Radeon RX Vega M Graphics Driver Signature Spoofing Vulnerability"
Description

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.

INFO

Published Date :

Nov. 14, 2023, 7:15 p.m.

Last Modified :

Nov. 21, 2024, 7:41 a.m.

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

0.8
Affected Products

The following products are affected by CVE-2023-20568 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Amd radeon_software
2 Amd radeon_rx_vega_56_firmware
3 Amd radeon_rx_vega_64_firmware
4 Amd radeon_pro_vega_56_firmware
5 Amd radeon_pro_vega_64_firmware
6 Amd ryzen_7_5700g
7 Amd ryzen_7_5700ge
8 Amd ryzen_5_5600g
9 Amd ryzen_5_5600ge
10 Amd ryzen_3_5300g
11 Amd ryzen_3_5300ge
12 Amd ryzen_7_5700u
13 Amd ryzen_5_5500u
14 Amd ryzen_3_5300u
15 Amd ryzen_5_pro_3400g
16 Amd ryzen_5_pro_3400ge
17 Amd ryzen_5_pro_3350g
18 Amd ryzen_5_pro_3350ge
19 Amd ryzen_7_4700g
20 Amd ryzen_7_4700ge
21 Amd ryzen_5_4600g
22 Amd ryzen_5_4600ge
23 Amd ryzen_3_4300g
24 Amd ryzen_3_4300ge
25 Amd ryzen_9_4900h
26 Amd ryzen_9_4900hs
27 Amd ryzen_7_4800hs
28 Amd ryzen_7_4800h
29 Amd ryzen_7_4700u
30 Amd ryzen_7_4980u
31 Amd ryzen_5_4600h
32 Amd ryzen_5_4600hs
33 Amd ryzen_5_4500u
34 Amd ryzen_5_4600u
35 Amd ryzen_5_4680u
36 Amd ryzen_3_4300u
37 Amd ryzen_5_5500h
38 Amd radeon_rx_5300
39 Amd radeon_rx_5300_xt
40 Amd radeon_rx_5300m
41 Amd radeon_rx_5500
42 Amd radeon_rx_5500_xt
43 Amd radeon_rx_5500m
44 Amd radeon_rx_5600
45 Amd radeon_rx_5600_xt
46 Amd radeon_rx_5600m
47 Amd radeon_rx_5700
48 Amd radeon_rx_5700_xt
49 Amd radeon_rx_5700m
50 Amd radeon_rx_6300m
51 Amd radeon_rx_6400
52 Amd radeon_rx_6450m
53 Amd radeon_rx_6500_xt
54 Amd radeon_rx_6500m
55 Amd radeon_rx_6550m
56 Amd radeon_rx_6550s
57 Amd radeon_rx_6600
58 Amd radeon_rx_6600_xt
59 Amd radeon_rx_6600m
60 Amd radeon_rx_6600s
61 Amd radeon_rx_6650_xt
62 Amd radeon_rx_6650m
63 Amd radeon_rx_6650m_xt
64 Amd radeon_rx_6700
65 Amd radeon_rx_6700_xt
66 Amd radeon_rx_6700m
67 Amd radeon_rx_6700s
68 Amd radeon_rx_6800
69 Amd radeon_rx_6800_xt
70 Amd radeon_rx_6800s
71 Amd radeon_rx_6900_xt
72 Amd radeon_rx_6950_xt
73 Amd radeon_rx_7600
74 Amd radeon_rx_7600m
75 Amd radeon_rx_7600m_xt
76 Amd radeon_rx_7600s
77 Amd radeon_rx_7700_xt
78 Amd radeon_rx_7700s
79 Amd radeon_rx_7800_xt
80 Amd radeon_rx_7900_gre
81 Amd radeon_rx_7900_xt
82 Amd radeon_rx_7900_xtx
83 Amd radeon_rx_7900m
84 Amd radeon_pro_w5500
85 Amd radeon_pro_w5700
86 Amd radeon_pro_w6300
87 Amd radeon_pro_w6400
88 Amd radeon_pro_w6600
89 Amd radeon_pro_w6800
90 Amd radeon_pro_w7500
91 Amd radeon_pro_w7600
92 Amd radeon_pro_w7800
93 Amd radeon_pro_w5500x
94 Amd radeon_pro_w5700x
95 Amd radeon_pro_w6300m
96 Amd radeon_pro_w6500m
97 Amd radeon_pro_w6600m
98 Amd radeon_pro_w6600x
99 Amd radeon_pro_w6800x
100 Amd radeon_pro_w6800x_duo
101 Amd radeon_pro_w6900x
102 Amd radeon_rx_6800m
103 Amd radeon_rx_6850m_xt
104 Amd radeon_rx_vega_56
105 Amd radeon_rx_vega_64
106 Amd ryzen_5_4500
107 Amd ryzen_3_4100
108 Amd radeon_pro_vega_56
109 Amd radeon_pro_vega_64
110 Amd ryzen_3_3015ce
111 Amd ryzen_3_3015e
112 Amd ryzen_5_pro_3200g
113 Amd ryzen_5_pro_3200ge
1 Intel core_i5-8305g
2 Intel core_i7-8705g
3 Intel core_i7-8706g
4 Intel core_i7-8709g
5 Intel radeon_rx_vega_m_firmware
6 Intel nuc_kit_nuc8i7hnk
7 Intel nuc_kit_nuc8i7hvk
8 Intel nuc_8_enthusiast_nuc8i7hvkva
9 Intel nuc_8_enthusiast_nuc8i7hvkvaw
10 Intel nuc_8_enthusiast_nuc8i7hnkqc
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-20568.

URL Resource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003 Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003 Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-20568 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2023-20568 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003
    Added Reference https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Nov. 27, 2023

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003 No Types Assigned https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003 Vendor Advisory
    Changed Reference Type https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html No Types Assigned https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html Vendor Advisory
    Added CWE NIST CWE-347
    Added CPE Configuration AND OR *cpe:2.3:o:intel:radeon_rx_vega_m_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 23.10.01.46 OR cpe:2.3:h:intel:core_i5-8305g:-:*:*:*:*:*:*:* cpe:2.3:h:intel:core_i7-8705g:-:*:*:*:*:*:*:* cpe:2.3:h:intel:core_i7-8706g:-:*:*:*:*:*:*:* cpe:2.3:h:intel:core_i7-8709g:-:*:*:*:*:*:*:* cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hnkqc:-:*:*:*:*:*:*:* cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hvkva:-:*:*:*:*:*:*:* cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hvkvaw:-:*:*:*:*:*:*:* cpe:2.3:h:intel:nuc_kit_nuc8i7hnk:-:*:*:*:*:*:*:* cpe:2.3:h:intel:nuc_kit_nuc8i7hvk:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:a:amd:radeon_software:*:*:*:*:adrenalin:*:*:* versions up to (excluding) 23.7.1 OR cpe:2.3:h:amd:radeon_rx_5300:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5300_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5300m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5500:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5500_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5500m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5600:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5600_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5600m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5700:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5700_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5700m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6300m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6400:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6450m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6500_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6500m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6550m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6550s:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6600:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6600_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6600m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6600s:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6650_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6650m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6650m_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6700:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6700_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6700m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6700s:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6800:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6800_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6800m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6800s:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6850m_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6900_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6950_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7600:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7600m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7600m_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7600s:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7700_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7700s:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7800_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7900_gre:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7900_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7900_xtx:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7900m:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:a:amd:radeon_software:*:*:*:*:pro:*:*:* versions up to (excluding) 23.q3 OR cpe:2.3:h:amd:radeon_pro_w5500:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w5500x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w5700:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w5700x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6300:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6300m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6400:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6500m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6600:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6600m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6600x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6800:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6800x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6800x_duo:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6900x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w7500:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w7600:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w7800:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:radeon_rx_vega_56_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:radeon_rx_vega_56:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:radeon_rx_vega_64_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:radeon_rx_vega_64:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:radeon_pro_vega_56_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:radeon_pro_vega_56:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:radeon_pro_vega_64_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:radeon_pro_vega_64:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:a:amd:radeon_software:*:*:*:*:adrenalin:*:*:* versions up to (excluding) 23.7.1 *cpe:2.3:a:amd:radeon_software:*:*:*:*:pro:*:*:* versions up to (excluding) 23.q3 OR cpe:2.3:h:amd:ryzen_3_3015ce:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_3_3015e:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_3_4100:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_3_4300g:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_3_4300ge:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_3_4300u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_3_5300g:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_3_5300ge:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_3_5300u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_4500:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_4500u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_4600g:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_4600ge:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_4600h:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_4600hs:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_4600u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_4680u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_5500h:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_5500u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_5600g:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_5600ge:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_pro_3200g:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_pro_3200ge:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_pro_3350g:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_pro_3350ge:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_pro_3400g:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_pro_3400ge:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_4700g:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_4700ge:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_4700u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_4800h:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_4800hs:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_4980u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_5700g:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_5700ge:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_5700u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_4900h:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_4900hs:-:*:*:*:*:*:*:*
  • CVE Received by [email protected]

    Nov. 14, 2023

    Action Type Old Value New Value
    Added Description Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
    Added Reference Advanced Micro Devices Inc. https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003 [No types assigned]
    Added Reference Advanced Micro Devices Inc. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-20568 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-20568 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.04 }} 0.00%

score

0.05712

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability