Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-20562

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.

Published

2023-08-08T18:15:11.467

Last Modified

2024-11-21T07:41:07.423

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	amd	amd_uprof	< 4.1.396	Yes
Operating System	microsoft	windows	-	No
Application	amd	amd_uprof	< 4.1-424	Yes
Operating System	linux	linux_kernel	-	No

References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 Patch, Vendor Advisory ([email protected])
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)