CVE-2023-20564

MEDIUM

AMD Ryzen Master < 2.11.2.2659 - Improper Input Validation

Title source: rule

Description

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution.

Exploits (1)

nomisec WORKING POC 17 stars

by NtGabrielGomes · poc

https://github.com/NtGabrielGomes/CVE-2023-20564

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7004

Scores

CVSS v3 6.7

EPSS 0.0008

EPSS Percentile 23.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-20

Status published

Products (2)

amd/ryzen_master < 2.11.2.2659

amd/ryzen_master_monitoring_sdk < august_2023

Published Aug 15, 2023

Tracked Since Feb 18, 2026