CVE-2023-20562

Published: Aug 8, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.

Affected (2)

Products: Amd: Amd Uprof

Amd

1 product

Amd Uprof

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Amd Uprof	Before 4.1.396

Running on/with	Platform Versions
Microsoft Windows	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Amd Uprof	Before 4.1-424

Running on/with	Platform Versions
Linux Linux Kernel	All versions

References (2)

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003

Source: psirt@amd.com

PatchVendor Advisory

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.