CVE-2023-20562



Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AMDCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
amdamd_uprof
𝑥
< 4.1.396
amdamd_uprof
𝑥
< 4.1-424
𝑥
= Vulnerable software versions
References
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003