Source: AMD (amd.com), AMD-SB-1046
Published: Nov 08, 2022 - 12:00 a.m.

AMD μProf Security Bulletin


CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low
Percentile: 38.6%

**Bulletin ID:** AMD-SB-1046
**Potential Impact:** Denial of service
**Severity:** Medium

Summary

AMD μProf (“MICRO-prof”) is a software profiling analysis tool for x86 applications running on Windows, Linux and FreeBSD operating systems and provides event information unique to the AMD “Zen”-based processors and AMD INSTINCT™ MI Series accelerators. AMD μProf enables the developer to better understand the limiters of application performance and evaluate improvements.

An external researcher reported a vulnerability in AMD μProf where insufficient validation of inputs to the IOCTL buffer could potentially allow an attacker to cause a Windows kernel crash resulting in a denial of service.

CVE-2022-23831

Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.

CVE-2022-27674

Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.

Affected Products

AMD μProf

Mitigation

AMD recommends updating AMD μProf to the following versions:

| OS | Version |
|---|---|
| FreeBSD | AMDuProf_FreeBSD_x64_3.6.549.tar.bz2 |
| Windows | AMDuProf-3.6.839.exe |
| Linux | AMDuProf_Linux_x64_3.6.449.tar.bz2 |
| Linux | amduprof_3.6-449_amd64.deb |
| Linux | amduprof-3.6-449.x86_64.rpm |
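
To check a software inventory against the versions listed above, the following added example (not part of AMD's bulletin) parses the build number out of each package file name and flags hosts that are behind the fixed build for their OS. It assumes the inventory records package names in the bulletin's naming scheme and that builds lower than the listed ones predate the fix; the host names and the older build numbers in the sample are constructed.

```python
import re

# Fixed builds per OS, taken from the bulletin's mitigation table.
FIXED = {
    "windows": (3, 6, 839),
    "linux": (3, 6, 449),
    "freebsd": (3, 6, 549),
}

# Matches 3.6.839, 3.6.449 and 3.6-449 as they appear in the package names,
# without picking up the digits in "x64" or "amd64".
_VERSION = re.compile(r"(?<!\d)(\d+)\.(\d+)[.-](\d+)(?!\d)")


def parse_version(package_name):
    """Return (major, minor, build) from a uProf package name, or None."""
    if not re.match(r"amduprof", package_name, re.IGNORECASE):
        return None
    m = _VERSION.search(package_name)
    return tuple(int(part) for part in m.groups()) if m else None


def needs_update(os_name, package_name):
    """True if older than the fixed build, False if not, None if unknown."""
    fixed = FIXED.get(os_name.lower())
    version = parse_version(package_name)
    if fixed is None or version is None:
        return None  # unknown OS or unparseable name: needs a manual look
    return version < fixed


def audit(inventory):
    """Map each (host, os, package) row to 'update', 'ok' or 'unknown'."""
    labels = {True: "update", False: "ok", None: "unknown"}
    return {host: labels[needs_update(os_name, pkg)]
            for host, os_name, pkg in inventory}


# Constructed inventory: hosts and the older build numbers are made up.
SAMPLE = [
    ("ws-01", "Windows", "AMDuProf-3.5.100.exe"),
    ("ws-02", "Windows", "AMDuProf-3.6.839.exe"),
    ("lx-01", "Linux", "amduprof_3.6-449_amd64.deb"),
    ("lx-02", "Linux", "amduprof-3.6-120.x86_64.rpm"),
    ("bsd-01", "FreeBSD", "AMDuProf_FreeBSD_x64_3.6.549.tar.bz2"),
    ("lx-03", "Linux", "amduprof-latest.rpm"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(host, status)
```

Rows reported as `unknown` should be resolved by hand rather than treated as patched.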
