CVE-2023-31341

Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:amd:uprof::::::linux::*
	cpe:2.3:a:amd:uprof::::::freebsd::*
	cpe:2.3:a:amd:uprof::::::windows::*

History

No history.

Information

Published : 2024-08-13 17:15

Updated : 2025-02-26 07:14

NVD link : CVE-2023-31341

Mitre link : CVE-2023-31341

CVE.ORG link : CVE-2023-31341

JSON object : View

Products Affected

amd

uprof

CWE

CWE-284

Improper Access Control

NVD-CWE-noinfo

{"id": "CVE-2023-31341", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@amd.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-08-13T17:15:21.087", "references": [{"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001", "tags": ["Vendor Advisory"], "source": "psirt@amd.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@amd.com", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Insufficient\nvalidation of the Input Output Control (IOCTL) input buffer in AMD \u03bcProf may\nallow an authenticated attacker to cause an out-of-bounds write, potentially\ncausing a Windows\u00ae OS crash, resulting in denial of service."}, {"lang": "es", "value": "Una validaci\u00f3n insuficiente del b\u00fafer de entrada de control de entrada y salida (IOCTL) en AMD ?Prof puede\npermitir que un atacante autenticado provoque una escritura fuera de los l\u00edmites, lo que podr\u00eda\ncausar un bloqueo del sistema operativo Windows\u00ae y, como resultado, una denegaci\u00f3n de servicio."}], "lastModified": "2025-02-26T07:14:52.160", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:amd:uprof:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "4B13FA61-9E51-45AF-A0F8-0C3A518B390A", "versionEndExcluding": "4.1.424"}, {"criteria": "cpe:2.3:a:amd:uprof:*:*:*:*:*:freebsd:*:*", "vulnerable": true, "matchCriteriaId": "50D6F227-1657-451F-AF90-A68B6A4BF03A", "versionEndExcluding": "4.2.816"}, {"criteria": "cpe:2.3:a:amd:uprof:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "E175F21E-6872-42B1-8C4C-6B473440EE12", "versionEndExcluding": "4.2.845"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@amd.com"}