CVSS3: 7.8 High

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.0004 Low (Percentile: 9.1%)

**Bulletin ID:** AMD-SB-7003

**Potential Impact:** Varies by CVE, see descriptions below

**Severity:** Varies by CVE, see descriptions below

AMD μProf (“MICRO-prof”) is a software profiling analysis tool for x86 applications running on Windows, Linux and FreeBSD operating systems and provides event information unique to the AMD “Zen” microarchitecture based platforms and AMD INSTINCT™ MI Series accelerators. AMD μProf enables the developer to better understand application performance and evaluate potential improvements.
An external researcher reported three potential vulnerabilities in AMD μProf caused by insufficient validation of inputs to the IOCTL (Input Output Control) buffer. These vulnerabilities may allow an authenticated user to potentially cause a Windows crash leading to denial of service (DoS). Alternatively, an authenticated user may load an unsigned driver potentially leading to arbitrary kernel execution.
Refer to Glossary for explanation of terms
CVE | Severity | CVE Description |
---|---|---|
CVE-2023-20562 | High | Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. |
CVE-2023-20556 | Medium | Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service. |
CVE-2023-20561 | Medium | Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service. |
AMD μProf
AMD recommends updating AMD μProf to the following versions:
OS | Version |
---|---|
Windows | AMDuProf-4.1.396.exe |
Linux | AMDuProf_Linux_x64_4.1.424.tar.bz2 |
FreeBSD | AMDuProf_FreeBSD_x64_4.1.409.tar.bz2 |
Linux | amduprof_4.1-424_amd64.deb |
Linux | amduprof-4.1-424.x86_64.rpm |
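
To triage a software inventory against the table above, the following added example (not part of AMD's bulletin) parses the build number out of an AMD μProf package name and compares it with the listed version for that OS. The function names, the OS-guessing rules, the sample inventory, and the assumption that any build at or above the listed one carries the fix are this example's, not AMD's.

```python
import re

# Versions AMD recommends updating to, taken from the bulletin's table.
FIXED = {
    "windows": (4, 1, 396),
    "linux": (4, 1, 424),
    "freebsd": (4, 1, 409),
}

# Accepts both "4.1.424" (exe/tarball naming) and "4.1-424" (deb/rpm naming).
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)[.-](\d+)(?!\d)")


def parse_version(text):
    """Return (major, minor, build) found in a package name or version string."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def guess_os(package_name):
    """Infer the target OS from the package naming used in the bulletin (assumption)."""
    name = package_name.lower()
    if "freebsd" in name:
        return "freebsd"
    if "linux" in name or name.endswith((".deb", ".rpm")):
        return "linux"
    if name.endswith(".exe"):
        return "windows"
    raise ValueError(f"cannot infer OS from {package_name!r}")


def needs_update(package_name):
    """True when the package is older than the listed version for its OS."""
    return parse_version(package_name) < FIXED[guess_os(package_name)]


if __name__ == "__main__":
    # Constructed inventory; the older build numbers are made up for illustration.
    inventory = [
        "AMDuProf-4.0.100.exe",
        "AMDuProf-4.1.396.exe",
        "amduprof_4.1-300_amd64.deb",
        "AMDuProf_FreeBSD_x64_4.1.409.tar.bz2",
    ]
    for pkg in inventory:
        print(f"{pkg}: {'UPDATE' if needs_update(pkg) else 'ok'}")
```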