CVE-2023-20601

MEDIUM4.6

Description

Improper input validation within RAS TA Driver can allow a local attacker to access out-of-bounds memory, potentially resulting in a denial-of-service condition.

CVSS breakdown

CVSS 4.0

Attack Vector

Local

Attack Complexity

Low

Attack Requirements

None

Privileges Required

High

User Interaction

None

Confidentiality (Vulnerable System)

None

Integrity (Vulnerable System)

None

Availability (Vulnerable System)

Low

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Affected products

AMD / AMD Radeon™ PRO VIIAMD Software: Adrenalin Edition 25.5.1 (23.19.23.01 pre-RDNA), AMD Software: PRO Edition 25.Q2 (23.19.23.01 pre-RDNA) – AMD Software: Adrenalin Edition 25.5.1 (23.19.23.01 pre-RDNA), AMD Software: PRO Edition 25.Q2 (23.19.23.01 pre-RDNA)
AMD / AMD Radeon™ VIIAMD Software: Adrenalin Edition 25.5.1 (23.19.23.01 pre-RDNA), AMD Software: PRO Edition 25.Q2 (23.19.23.01 pre-RDNA) – AMD Software: Adrenalin Edition 25.5.1 (23.19.23.01 pre-RDNA), AMD Software: PRO Edition 25.Q2 (23.19.23.01 pre-RDNA)

References

MISChttps://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html