CVE-2023-20564

MEDIUM

AMD Ryzen Master < 2.11.2.2659 - Privileged Memory Read/Write via IOCTL Input Buffer

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-20564. PoCs published by NtGabrielGomes.

AI-analyzed exploit summary This repository contains a functional Proof of Concept (PoC) for CVE-2023-20564, demonstrating arbitrary physical memory read/write capabilities in the AMD Ryzen Master Driver due to insufficient IOCTL validation.

Description

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution.

Exploits (1)

nomisec WORKING POC 17 stars

by NtGabrielGomes · poc

https://github.com/NtGabrielGomes/CVE-2023-20564

View Code ZIP pw:eip

This repository contains a functional Proof of Concept (PoC) for CVE-2023-20564, demonstrating arbitrary physical memory read/write capabilities in the AMD Ryzen Master Driver due to insufficient IOCTL validation.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: AMD Ryzen Master Driver (AMDRyzenMasterDriverV17.sys)

No auth needed

Prerequisites: AMD Ryzen Master Driver installed · Windows system with vulnerable driver

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7004

Scores

CVSS v3 6.7

EPSS 0.0029

EPSS Percentile 20.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-20

Status published

Products (2)

amd/ryzen_master < 2.11.2.2659

amd/ryzen_master_monitoring_sdk < august_2023

Published Aug 15, 2023

Tracked Since Feb 18, 2026