CVE-2023-20562

EUVD-2023-24741


Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
amdamd_uprof
𝑥
< 4.1.396
amdamd_uprof
𝑥
< 4.1-424
𝑥
= Vulnerable software versions
References
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003