CVE-2023-20561Exposed IOCTL with Insufficient Access Control in AMD Prof

CWE-782Exposed IOCTL with Insufficient Access Control4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 86.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
AMD ProfAMD Uprof
Timeline
PublishedAug 8

Description

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5amd/profvarious4.1.396+1
NVDamd/amd_uprof< 4.1.396+1

Patches

Patch: www.amd.comPatch: www.amd.com

🔴Vulnerability Details

2
GHSA
GHSA-4mp8-95wg-7xm4: Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD ?Prof may allow an authenticated user to send an arbitrary address pot2023-08-08
CVEList
CVE-2023-20561: Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address pot2023-08-08

📋Vendor Advisories

1
Red Hat
hw: amd: uProf allow user to send arbitrary address leading to dos2023-08-08
CVE-2023-20561 — AMD Prof vulnerability | cvebase