CVE-2023-20598

HIGH EXPLOITED

AMD Radeon Software < 23.9.2 - Improper Privilege Management

Title source: rule

Description

An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.

Exploits (1)

nomisec WORKING POC 8 stars

by H4rk3nz0 · local

https://github.com/H4rk3nz0/CVE-2023-20598-PDFWKRNL

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6009

Scores

CVSS v3 7.8

EPSS 0.0191

EPSS Percentile 83.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-10-08

CWE

CWE-269

Status published

Products (2)

amd/radeon_software < 23.9.2

amd/radeon_software < 23.q4

Published Oct 17, 2023

Tracked Since Feb 18, 2026