CVE-2023-20598

HIGH EXPLOITED

AMD Radeon Software < 23.9.2 and < 23.q4 - Authenticated Arbitrary Code Execution via IOCTL Request

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-20598 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including H4rk3nz0.

AI-analyzed exploit summary This is a proof-of-concept exploit for CVE-2023-20598 targeting the AMD Radeon Driver's PDFWKRNL.sys. It demonstrates arbitrary read/write primitives via IOCTL calls to escalate privileges from a low integrity process.

Description

An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.

Exploits (1)

nomisec WORKING POC 8 stars
by H4rk3nz0 · local
https://github.com/H4rk3nz0/CVE-2023-20598-PDFWKRNL

This is a proof-of-concept exploit for CVE-2023-20598 targeting the AMD Radeon Driver's PDFWKRNL.sys. It demonstrates arbitrary read/write primitives via IOCTL calls to escalate privileges from a low integrity process.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: AMD Radeon Driver PDFWKRNL.sys
No auth needed
Prerequisites: AMD Radeon Driver with vulnerable PDFWKRNL.sys · Low integrity process execution context
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0046
EPSS Percentile 36.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

VulnCheck KEV 2025-10-08
CWE
CWE-269
Status published
Products (2)
amd/radeon_software < 23.9.2
amd/radeon_software < 23.q4
Published Oct 17, 2023
Tracked Since Feb 18, 2026