CVE-2023-20564 & CVE-2023-20560: AMD Ryzen Master Security Vulnerabilities
AMD Ryzen Master is a popular software tool that allows users to overclock their AMD Ryzen processors. However, two security vulnerabilities have been discovered in the latest version of AMD Ryzen Master. These vulnerabilities could allow an attacker with administrative privileges to cause a Windows crash, perform memory reads/writes, or even execute arbitrary code on the victim’s system.
The first flaw tracked as CVE-2023-20564 (Severity: High), is caused by insufficient input validation in the IOCTL (Input Output Control) buffer. This vulnerability could allow an attacker to send a specially crafted IOCTL request to AMD Ryzen Master that would cause the software to crash. If the attacker can crash AMD Ryzen Master, they could then take advantage of other vulnerabilities on the system to gain further access.
The second flaw tracked as CVE-2023-20560 (Severity: Medium) is also caused by insufficient input validation in the IOCTL buffer. This vulnerability could allow an attacker to send a specially crafted IOCTL request to AMD Ryzen Master that would cause the software to execute arbitrary code on the victim’s system. This could allow the attacker to install malware, steal data, or take control of the victim’s computer.
The affected products include:
- AMD Ryzen Master
- AMD Ryzen™ Master Monitoring SDK
While the presence of these vulnerabilities is undeniably concerning, AMD has acted swiftly in offering a solution. The company recommends updating to:
- AMD Ryzen Master 18.104.22.16859 or higher
- AMD Ryzen Master Monitoring SDK with the target release set for August 2023