CVE-2023-20562Exposed IOCTL with Insufficient Access Control in AMD Uprof

CWE-782Exposed IOCTL with Insufficient Access Control4 documents4 sources
Severity
7.8HIGHNVD
EPSS
8.6%
top 7.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
AMD ProfAMD Uprof
Timeline
PublishedAug 8

Description

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDamd/amd_uprof< 4.1.396+1
CVEListV5amd/profvarious4.1.396+1

Patches

Patch: www.amd.comPatch: www.amd.com

🔴Vulnerability Details

2
GHSA
GHSA-f6f3-rrm8-q5r8: Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver poten2023-08-08
CVEList
CVE-2023-20562: Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver poten2023-08-08

📋Vendor Advisories

1
Red Hat
hw: amd: uProf allow unsigned driver to load2023-08-08
CVE-2023-20562 — AMD Uprof vulnerability | cvebase