Amd Uprof vulnerabilities

6 known vulnerabilities affecting amd/amd_uprof.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2023-20562HIGHCVSS 7.8fixed in 4.1.396fixed in 4.1-4242023-08-08
CVE-2023-20562 [HIGH] CVE-2023-20562: Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow a Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.
nvd
CVE-2023-20556MEDIUMCVSS 5.5fixed in 4.1.396fixed in 4.1-4242023-08-08
CVE-2023-20556 [MEDIUM] CVE-2023-20556: Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.
nvd
CVE-2023-20561MEDIUMCVSS 5.5fixed in 4.1.396fixed in 4.1-4242023-08-08
CVE-2023-20561 [MEDIUM] CVE-2023-20561: Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may all Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.
nvd
CVE-2022-27674HIGHCVSS 7.5fixed in 3.6.549fixed in 3.6.839+1 more2022-11-09
CVE-2022-27674 [HIGH] CWE-20 CVE-2022-27674: Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypas Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.
nvd
CVE-2022-23831HIGHCVSS 7.5fixed in 3.6.549fixed in 3.6.839+1 more2022-11-09
CVE-2022-23831 [HIGH] CWE-20 CVE-2022-23831: Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbi Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.
nvd
CVE-2021-26334CRITICALCVSS 9.9fixed in 3.4.494fixed in 3.4.5022021-12-01
CVE-2021-26334 [CRITICAL] CWE-284 CVE-2021-26334: The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user.
nvd