7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
38.6%
Bulletin ID: AMD-SB-1046 **Potential Impact:**Denial of service **Severity:**Medium
AMD μProf (“MICRO-prof”) is a software profiling analysis tool for x86 applications running on Windows, Linux and FreeBSD operating systems and provides event information unique to the AMD “Zen”-based processors and AMD INSTINCT™ MI Series accelerators. AMD μProf enables the developer to better understand the limiters of application performance and evaluate improvements.
An external researcher reported a vulnerability in AMD μProf where insufficient validation of inputs to the IOCTI buffer could potentially allow an attacker to cause a Windows kernel crash resulting in a denial of service.
CVE-2022-23831
Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.
CVE-2022-27674
Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.
AMD μProf
AMD recommends updating AMD μProf to the following versions:
OS | Version |
---|---|
FreeBSD | AMDuProf_FreeBSD_x64_3.6.549.tar.bz2 |
Windows | AMDuProf-3.6.839.exe |
Linux | AMDuProf_Linux_x64_3.6.449.tar.bz2 |
Linux | amduprof_3.6-449_amd64.deb |
Linux | amduprof-3.6-449.x86_64.rpm |