AMD Graphics Driver Vulnerabilities – November 2023
Bulletin ID: AMD-SB-6003
Potential Impact: Varies by CVE, see descriptions below
Severity: Varies by CVE, see descriptions below
Summary
AMD received reports of vulnerabilities potentially affecting some AMD Graphics products. Refer to the CVE Details section for information about each CVE.
CVE Details
Refer to Glossary for explanation of terms
CVE |
Severity |
CVE Description |
CVE-2021-46748 |
Medium |
Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service. |
CVE-2023-20567
|
Medium | Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution. |
CVE-2023-20568 |
Medium | Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution. |
CVE-2023-31320 |
Medium |
Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service. |
Affected Products and Mitigation
Graphics Cards
AMD recommends updating the AMD Graphics Driver to the version recommended for your product below. Please refer to your Original Equipment Manufacturer (OEM) for the driver update specific to your product.
Platform |
Applicable CVE(s) |
Release Version |
AMD Radeon™ RX 5000 Series Graphics Cards AMD Radeon™ RX 6000 Series Graphics Cards AMD Radeon™ RX 7000 Series Graphics Cards |
CVE-2021-46748 CVE-2023-20567 CVE-2023-20568 CVE-2023-31320 |
AMD Software: Adrenalin Edition 23.7.1 (23.10.01.45) |
AMD Radeon™ PRO W5000 Series Graphics Cards AMD Radeon™ PRO W6000 Series Graphics Cards AMD Radeon™ PRO W7000 Series Graphics Cards |
CVE-2021-46748 CVE-2023-20567 CVE-2023-20568 CVE-2023-31320 |
AMD Software: PRO Edition 23.Q3 (23.10.18.05) |
AMD Radeon™ RX Vega Series Graphics Cards AMD Radeon™ PRO WX Vega Series Graphics Cards |
CVE-2021-46748 CVE-2023-20567 CVE-2023-20568 CVE-2023-31320 |
Please refer to your OEM for the update specific to your product. |
OS Support |
Version |
Windows 11 |
Version 21H2 and later |
Windows 10 64-bit |
Version 1809 and later |
Windows Server 2022 |
21H2 |
Windows Server 2019 |
1809 |
Client Processors
Platform |
Program |
Applicable CVEs | Release Version Mitigation |
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics |
“Cezanne” |
CVE-2021-46748 CVE-2023-20567 CVE-2023-20568 CVE-2023-31320 |
AMD Software: Adrenalin Edition 23.7.1 (23.10.01.45) AMD Software: PRO Edition 23.Q3 (23.10.18.05) |
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics |
“Lucienne” |
||
AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics |
“Picasso” FP5 |
||
AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics |
“Renoir” AM4 |
||
AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics |
“Cezanne” |
||
AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics |
“Picasso” AM4 |
||
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics |
“Pollock” |
||
AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics |
“Barcelo” |
CVE-2023-20567 CVE-2023-20568 CVE-2023-31320 |
|
AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics |
“Barcelo-R” |
||
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics |
“Dali”/”Dali” FP5 |
||
AMD Ryzen™ 7045 Series Processors with Radeon™ Graphics |
“Dragon Range” |
||
AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics |
“Mendocino” FT6 |
||
AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics |
“Phoenix” AM5 |
||
AMD Ryzen™ 7000 Series Processors with Radeon™ Graphics |
“Raphael” X3D |
||
AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics |
“Renoir” FP6 |
||
AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics |
"Rembrandt" |
||
AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics |
“Rembrandt-R” |
Acknowledgement
AMD thanks the following for reporting these issues and engaging in coordinated vulnerability disclosure.
Reported by hamdi aka Falcon Corruption @falconCorrup: CVE-2023-20567 and CVE-2023-20568
Reported by GitHub user @whypet: CVE-2023-31320
Internally found: CVE-2021-46748
Revisions
Revision Date |
Description |
11-14-2023 |
Initial publication |
DISCLAIMER
The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. Any computer system has risks of security vulnerabilities that cannot be completely prevented or mitigated. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD’s products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale.
AMD, the AMD Arrow logo, Athlon, Radeon, Ryzen and combinations thereof are trademarks of Advanced Micro Devices, Inc. CVE and the CVE logo are registered trademarks of The MITRE Corporation. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.
Third party content may be licensed to you directly by the third party that owns the content and is not licensed to you by AMD. ALL LINKED THIRD-PARTY CONTENT IS PROVIDED ‘AS IS’ WITHOUT A WARRANTY OF ANY KIND. USE OF SUCH THIRD-PARTY CONTENT IS DONE AT YOUR SOLE DISCRETION AND UNDER NO CIRCUMSTANCES WILL AMD BE LIABLE TO YOU FOR ANY THIRD-PARTY CONTENT. YOU ASSUME ALL RISK AND ARE SOLELY RESPONSIBILITY FOR ANY DAMAGES THAT MAY ARISE FROM YOUR USE OF THIRD-PARTY CONTENT.
© 2023 Advanced Micro Devices, Inc. All rights reserved.