CVE-2023-20556Exposed IOCTL with Insufficient Access Control in AMD Prof

CWE-782Exposed IOCTL with Insufficient Access Control4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 86.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
AMD ProfAMD Uprof
Timeline
PublishedAug 8

Description

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5amd/profvarious4.1.396+1
NVDamd/amd_uprof< 4.1.396+1

Patches

Patch: www.amd.comPatch: www.amd.com

🔴Vulnerability Details

2
CVEList
CVE-2023-20556: Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer pote2023-08-08
GHSA
GHSA-7p3x-w377-9pq7: Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD ?Prof may allow an authenticated user to send an arbitrary buffer pote2023-08-08

📋Vendor Advisories

1
Red Hat
hw: amd: uProf allow user to send arbitrary buffer leading to dos2023-08-08
CVE-2023-20556 — AMD Prof vulnerability | cvebase