CVE-2023-20562



Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
amdamd_uprof
𝑥
< 4.1.396
amdamd_uprof
𝑥
< 4.1-424
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
amduprof_tool
𝑥
< 4.1.396
ADP
amduprof_tool
𝑥
< 4.1-424
ADP
References
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003