Search criteria
18 vulnerabilities found for amd_uprof by amd
FKIE_CVE-2023-20561
Vulnerability from fkie_nvd - Published: 2023-08-08 18:15 - Updated: 2024-11-21 07:41
Severity ?
Summary
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@amd.com | https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1EF217-6C1D-4FED-8F8E-4AD79D74A536",
"versionEndExcluding": "4.1.396",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC64885-C3DE-4FFB-8AD4-4B96722EC6D4",
"versionEndExcluding": "4.1-424",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\nInsufficient validation of the IOCTL (Input Output Control) input buffer in AMD \u03bcProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"id": "CVE-2023-20561",
"lastModified": "2024-11-21T07:41:07.287",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-08T18:15:11.407",
"references": [
{
"source": "psirt@amd.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"
}
],
"sourceIdentifier": "psirt@amd.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-20562
Vulnerability from fkie_nvd - Published: 2023-08-08 18:15 - Updated: 2024-11-21 07:41
Severity ?
Summary
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@amd.com | https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1EF217-6C1D-4FED-8F8E-4AD79D74A536",
"versionEndExcluding": "4.1.396",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC64885-C3DE-4FFB-8AD4-4B96722EC6D4",
"versionEndExcluding": "4.1-424",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\n\n\nInsufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"id": "CVE-2023-20562",
"lastModified": "2024-11-21T07:41:07.423",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-08T18:15:11.467",
"references": [
{
"source": "psirt@amd.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"
}
],
"sourceIdentifier": "psirt@amd.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-20556
Vulnerability from fkie_nvd - Published: 2023-08-08 18:15 - Updated: 2024-11-21 07:41
Severity ?
Summary
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@amd.com | https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 | Mitigation, Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1EF217-6C1D-4FED-8F8E-4AD79D74A536",
"versionEndExcluding": "4.1.396",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC64885-C3DE-4FFB-8AD4-4B96722EC6D4",
"versionEndExcluding": "4.1-424",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\nInsufficient validation of the IOCTL (Input Output Control) input buffer in AMD \u03bcProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"id": "CVE-2023-20556",
"lastModified": "2024-11-21T07:41:06.607",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-08T18:15:11.340",
"references": [
{
"source": "psirt@amd.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"
}
],
"sourceIdentifier": "psirt@amd.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-27674
Vulnerability from fkie_nvd - Published: 2022-11-09 21:15 - Updated: 2025-05-01 15:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F198CD40-B926-49C8-9FDA-D5853A7FF4EA",
"versionEndExcluding": "3.6.549",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2AEFCC-A2F6-45A6-A2EF-24F7906E44E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC6A7D5-0F04-4473-9480-EBC7A8860ABE",
"versionEndExcluding": "3.6.839",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*",
"matchCriteriaId": "738F3D59-9A14-4DCD-B1EE-30E07EC362D3",
"versionEndExcluding": "3.6.449",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation in the IOCTL input/output buffer in AMD \u03bcProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service."
},
{
"lang": "es",
"value": "Una validaci\u00f3n insuficiente en el b\u00fafer de entrada/salida IOCTL en AMD ?Prof puede permitir a un atacante eludir las comprobaciones de l\u00edmites, lo que podr\u00eda provocar un fallo del kernel de Windows que provoque una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2022-27674",
"lastModified": "2025-05-01T15:15:54.900",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-11-09T21:15:14.270",
"references": [
{
"source": "psirt@amd.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
}
],
"sourceIdentifier": "psirt@amd.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-23831
Vulnerability from fkie_nvd - Published: 2022-11-09 21:15 - Updated: 2025-05-01 15:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F198CD40-B926-49C8-9FDA-D5853A7FF4EA",
"versionEndExcluding": "3.6.549",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2AEFCC-A2F6-45A6-A2EF-24F7906E44E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC6A7D5-0F04-4473-9480-EBC7A8860ABE",
"versionEndExcluding": "3.6.839",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*",
"matchCriteriaId": "738F3D59-9A14-4DCD-B1EE-30E07EC362D3",
"versionEndExcluding": "3.6.449",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of the IOCTL input buffer in AMD \u03bcProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service."
},
{
"lang": "es",
"value": "Una validaci\u00f3n insuficiente del b\u00fafer de entrada IOCTL en AMD ?Prof puede permitir que un atacante env\u00ede un b\u00fafer arbitrario que provoque una posible falla del kernel de Windows que provoque una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2022-23831",
"lastModified": "2025-05-01T15:15:54.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-11-09T21:15:13.817",
"references": [
{
"source": "psirt@amd.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
}
],
"sourceIdentifier": "psirt@amd.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-26334
Vulnerability from fkie_nvd - Published: 2021-12-01 16:15 - Updated: 2024-11-21 05:56
Severity ?
Summary
The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@amd.com | https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1016 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1016 | Mitigation, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B55C197-559D-4618-AAA0-A150B5C85757",
"versionEndExcluding": "3.4.494",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F9786CF-1DE5-4413-8E90-E15625028407",
"versionEndExcluding": "3.4.502",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AMDPowerProfiler.sys driver of AMD \u03bcProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user."
},
{
"lang": "es",
"value": "El controlador AMDPowerProfiler.sys de la herramienta AMD ?Prof puede permitir a los usuarios con menos privilegios acceder a los MSR en el kernel, lo que puede llevar a una escalada de privilegios y a la ejecuci\u00f3n de c\u00f3digo ring-0 por parte del usuario con menos privilegios"
}
],
"id": "CVE-2021-26334",
"lastModified": "2024-11-21T05:56:07.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-01T16:15:07.590",
"references": [
{
"source": "psirt@amd.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1016"
}
],
"sourceIdentifier": "psirt@amd.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "psirt@amd.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-20561 (GCVE-0-2023-20561)
Vulnerability from cvelistv5 – Published: 2023-08-08 17:14 – Updated: 2024-10-10 16:00
VLAI?
Title
Summary
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:45.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20561",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T16:00:46.457986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:00:57.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"x86",
"Windows"
],
"product": "\u03bcProf",
"vendor": "AMD",
"versions": [
{
"lessThan": "4.1.396",
"status": "affected",
"version": "various",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86",
"Linux"
],
"product": "\u03bcProf",
"vendor": " AMD",
"versions": [
{
"lessThan": "4.1-424",
"status": "affected",
"version": "various ",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-08-08T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient validation of the IOCTL (Input Output Control) input buffer in AMD \u03bcProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\n\n\n\n\n\n\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n"
}
],
"value": "\n\n\n\n\n\n\nInsufficient validation of the IOCTL (Input Output Control) input buffer in AMD \u03bcProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:14:53.405Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"
}
],
"source": {
"advisory": "AMD-SB-7003",
"discovery": "UNKNOWN"
},
"title": " ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20561",
"datePublished": "2023-08-08T17:14:53.405Z",
"dateReserved": "2022-10-27T18:53:39.747Z",
"dateUpdated": "2024-10-10T16:00:57.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20556 (GCVE-0-2023-20556)
Vulnerability from cvelistv5 – Published: 2023-08-08 17:14 – Updated: 2024-10-10 16:01
VLAI?
Title
Summary
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20556",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T16:01:28.089446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:01:41.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"x86",
"Windows"
],
"product": "\u03bcProf",
"vendor": "AMD",
"versions": [
{
"lessThan": "4.1.396",
"status": "affected",
"version": "various",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86",
"Linux"
],
"product": "\u03bcProf",
"vendor": " AMD",
"versions": [
{
"lessThan": "4.1-424",
"status": "affected",
"version": "various ",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-08-08T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient validation of the IOCTL (Input Output Control) input buffer in AMD \u03bcProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\n\n\n\n\n\n\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n"
}
],
"value": "\n\n\n\n\nInsufficient validation of the IOCTL (Input Output Control) input buffer in AMD \u03bcProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:14:24.974Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"
}
],
"source": {
"advisory": "AMD-SB-7003",
"discovery": "UNKNOWN"
},
"title": " ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20556",
"datePublished": "2023-08-08T17:14:24.974Z",
"dateReserved": "2022-10-27T18:53:39.746Z",
"dateUpdated": "2024-10-10T16:01:41.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20562 (GCVE-0-2023-20562)
Vulnerability from cvelistv5 – Published: 2023-08-08 17:13 – Updated: 2024-10-10 19:09
VLAI?
Title
Summary
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:amd:uprof_tool:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "uprof_tool",
"vendor": "amd",
"versions": [
{
"lessThan": "4.1.396",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.1-424",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20562",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T18:41:00.791824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T19:09:22.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"x86",
"Windows"
],
"product": "\u03bcProf",
"vendor": "AMD",
"versions": [
{
"lessThan": "4.1.396",
"status": "affected",
"version": "various",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86",
"Linux"
],
"product": "\u03bcProf",
"vendor": " AMD",
"versions": [
{
"lessThan": "4.1-424",
"status": "affected",
"version": "various ",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-08-08T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.\u003c/span\u003e\n\n\n\n\n\n\n\n\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n"
}
],
"value": "\n\n\nInsufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:13:50.810Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"
}
],
"source": {
"advisory": "AMD-SB-7003",
"discovery": "UNKNOWN"
},
"title": " ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20562",
"datePublished": "2023-08-08T17:13:50.810Z",
"dateReserved": "2022-10-27T18:53:39.747Z",
"dateUpdated": "2024-10-10T19:09:22.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23831 (GCVE-0-2022-23831)
Vulnerability from cvelistv5 – Published: 2022-11-09 20:45 – Updated: 2025-05-01 14:09
VLAI?
Summary
Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.
Severity ?
7.5 (High)
CWE
- NA
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-23831",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T14:08:11.372942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T14:09:12.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AMD \u03bcProf",
"vendor": "AMD",
"versions": [
{
"lessThan": "3.6.549",
"status": "affected",
"version": "AMDuProf_FreeBSD_x64",
"versionType": "custom"
},
{
"lessThan": "3.6.839",
"status": "affected",
"version": "AMDuProf Windows",
"versionType": "custom"
},
{
"lessThan": "3.6-449",
"status": "affected",
"version": "AMDuProf Linux",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of the IOCTL input buffer in AMD \u03bcProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-09T00:00:00.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
}
],
"source": {
"advisory": "AMD-SB-1046",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23831",
"datePublished": "2022-11-09T20:45:40.420Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2025-05-01T14:09:12.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27674 (GCVE-0-2022-27674)
Vulnerability from cvelistv5 – Published: 2022-11-09 20:45 – Updated: 2025-05-01 14:11
VLAI?
Summary
Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.
Severity ?
7.5 (High)
CWE
- NA
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-27674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T14:10:57.351851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T14:11:02.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AMD \u03bcProf",
"vendor": "AMD",
"versions": [
{
"lessThan": "3.6.549",
"status": "affected",
"version": "AMDuProf_FreeBSD_x64",
"versionType": "custom"
},
{
"lessThan": "3.6.839",
"status": "affected",
"version": "AMDuProf Windows",
"versionType": "custom"
},
{
"lessThan": "3.6-449",
"status": "affected",
"version": "AMDuProf Linux",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation in the IOCTL input/output buffer in AMD \u03bcProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-09T00:00:00.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
}
],
"source": {
"advisory": "AMD-SB-1046",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-27674",
"datePublished": "2022-11-09T20:45:35.675Z",
"dateReserved": "2022-03-23T00:00:00.000Z",
"dateUpdated": "2025-05-01T14:11:02.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26334 (GCVE-0-2021-26334)
Vulnerability from cvelistv5 – Published: 2021-12-01 15:43 – Updated: 2024-09-17 00:40
VLAI?
Title
AMD Chipset Driver Information Disclosure Vulnerability
Summary
The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AMD | μProf Tool |
Affected:
μProf Tool , < 3.4.494
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:23.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "\u03bcProf Tool",
"vendor": "AMD",
"versions": [
{
"lessThan": "3.4.494",
"status": "affected",
"version": "\u03bcProf Tool",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The AMDPowerProfiler.sys driver of AMD \u03bcProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-01T15:43:24",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1016"
}
],
"source": {
"advisory": "AMD-SB-1016",
"discovery": "EXTERNAL"
},
"title": "AMD Chipset Driver Information Disclosure Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:30:00.000Z",
"ID": "CVE-2021-26334",
"STATE": "PUBLIC",
"TITLE": "AMD Chipset Driver Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "\u03bcProf Tool",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "\u03bcProf Tool",
"version_value": "3.4.494"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AMDPowerProfiler.sys driver of AMD \u03bcProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1016",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1016"
}
]
},
"source": {
"advisory": "AMD-SB-1016",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26334",
"datePublished": "2021-12-01T15:43:24.387290Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-17T00:40:38.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20561 (GCVE-0-2023-20561)
Vulnerability from nvd – Published: 2023-08-08 17:14 – Updated: 2024-10-10 16:00
VLAI?
Title
Summary
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:45.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20561",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T16:00:46.457986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:00:57.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"x86",
"Windows"
],
"product": "\u03bcProf",
"vendor": "AMD",
"versions": [
{
"lessThan": "4.1.396",
"status": "affected",
"version": "various",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86",
"Linux"
],
"product": "\u03bcProf",
"vendor": " AMD",
"versions": [
{
"lessThan": "4.1-424",
"status": "affected",
"version": "various ",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-08-08T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient validation of the IOCTL (Input Output Control) input buffer in AMD \u03bcProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\n\n\n\n\n\n\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n"
}
],
"value": "\n\n\n\n\n\n\nInsufficient validation of the IOCTL (Input Output Control) input buffer in AMD \u03bcProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:14:53.405Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"
}
],
"source": {
"advisory": "AMD-SB-7003",
"discovery": "UNKNOWN"
},
"title": " ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20561",
"datePublished": "2023-08-08T17:14:53.405Z",
"dateReserved": "2022-10-27T18:53:39.747Z",
"dateUpdated": "2024-10-10T16:00:57.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20556 (GCVE-0-2023-20556)
Vulnerability from nvd – Published: 2023-08-08 17:14 – Updated: 2024-10-10 16:01
VLAI?
Title
Summary
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20556",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T16:01:28.089446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:01:41.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"x86",
"Windows"
],
"product": "\u03bcProf",
"vendor": "AMD",
"versions": [
{
"lessThan": "4.1.396",
"status": "affected",
"version": "various",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86",
"Linux"
],
"product": "\u03bcProf",
"vendor": " AMD",
"versions": [
{
"lessThan": "4.1-424",
"status": "affected",
"version": "various ",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-08-08T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient validation of the IOCTL (Input Output Control) input buffer in AMD \u03bcProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\n\n\n\n\n\n\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n"
}
],
"value": "\n\n\n\n\nInsufficient validation of the IOCTL (Input Output Control) input buffer in AMD \u03bcProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:14:24.974Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"
}
],
"source": {
"advisory": "AMD-SB-7003",
"discovery": "UNKNOWN"
},
"title": " ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20556",
"datePublished": "2023-08-08T17:14:24.974Z",
"dateReserved": "2022-10-27T18:53:39.746Z",
"dateUpdated": "2024-10-10T16:01:41.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20562 (GCVE-0-2023-20562)
Vulnerability from nvd – Published: 2023-08-08 17:13 – Updated: 2024-10-10 19:09
VLAI?
Title
Summary
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:amd:uprof_tool:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "uprof_tool",
"vendor": "amd",
"versions": [
{
"lessThan": "4.1.396",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.1-424",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20562",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T18:41:00.791824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T19:09:22.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"x86",
"Windows"
],
"product": "\u03bcProf",
"vendor": "AMD",
"versions": [
{
"lessThan": "4.1.396",
"status": "affected",
"version": "various",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86",
"Linux"
],
"product": "\u03bcProf",
"vendor": " AMD",
"versions": [
{
"lessThan": "4.1-424",
"status": "affected",
"version": "various ",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-08-08T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.\u003c/span\u003e\n\n\n\n\n\n\n\n\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n"
}
],
"value": "\n\n\nInsufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:13:50.810Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"
}
],
"source": {
"advisory": "AMD-SB-7003",
"discovery": "UNKNOWN"
},
"title": " ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20562",
"datePublished": "2023-08-08T17:13:50.810Z",
"dateReserved": "2022-10-27T18:53:39.747Z",
"dateUpdated": "2024-10-10T19:09:22.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23831 (GCVE-0-2022-23831)
Vulnerability from nvd – Published: 2022-11-09 20:45 – Updated: 2025-05-01 14:09
VLAI?
Summary
Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.
Severity ?
7.5 (High)
CWE
- NA
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-23831",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T14:08:11.372942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T14:09:12.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AMD \u03bcProf",
"vendor": "AMD",
"versions": [
{
"lessThan": "3.6.549",
"status": "affected",
"version": "AMDuProf_FreeBSD_x64",
"versionType": "custom"
},
{
"lessThan": "3.6.839",
"status": "affected",
"version": "AMDuProf Windows",
"versionType": "custom"
},
{
"lessThan": "3.6-449",
"status": "affected",
"version": "AMDuProf Linux",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of the IOCTL input buffer in AMD \u03bcProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-09T00:00:00.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
}
],
"source": {
"advisory": "AMD-SB-1046",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23831",
"datePublished": "2022-11-09T20:45:40.420Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2025-05-01T14:09:12.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27674 (GCVE-0-2022-27674)
Vulnerability from nvd – Published: 2022-11-09 20:45 – Updated: 2025-05-01 14:11
VLAI?
Summary
Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.
Severity ?
7.5 (High)
CWE
- NA
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-27674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T14:10:57.351851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T14:11:02.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AMD \u03bcProf",
"vendor": "AMD",
"versions": [
{
"lessThan": "3.6.549",
"status": "affected",
"version": "AMDuProf_FreeBSD_x64",
"versionType": "custom"
},
{
"lessThan": "3.6.839",
"status": "affected",
"version": "AMDuProf Windows",
"versionType": "custom"
},
{
"lessThan": "3.6-449",
"status": "affected",
"version": "AMDuProf Linux",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation in the IOCTL input/output buffer in AMD \u03bcProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-09T00:00:00.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
}
],
"source": {
"advisory": "AMD-SB-1046",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-27674",
"datePublished": "2022-11-09T20:45:35.675Z",
"dateReserved": "2022-03-23T00:00:00.000Z",
"dateUpdated": "2025-05-01T14:11:02.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26334 (GCVE-0-2021-26334)
Vulnerability from nvd – Published: 2021-12-01 15:43 – Updated: 2024-09-17 00:40
VLAI?
Title
AMD Chipset Driver Information Disclosure Vulnerability
Summary
The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AMD | μProf Tool |
Affected:
μProf Tool , < 3.4.494
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:23.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "\u03bcProf Tool",
"vendor": "AMD",
"versions": [
{
"lessThan": "3.4.494",
"status": "affected",
"version": "\u03bcProf Tool",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The AMDPowerProfiler.sys driver of AMD \u03bcProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-01T15:43:24",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1016"
}
],
"source": {
"advisory": "AMD-SB-1016",
"discovery": "EXTERNAL"
},
"title": "AMD Chipset Driver Information Disclosure Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-11-09T20:30:00.000Z",
"ID": "CVE-2021-26334",
"STATE": "PUBLIC",
"TITLE": "AMD Chipset Driver Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "\u03bcProf Tool",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "\u03bcProf Tool",
"version_value": "3.4.494"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AMDPowerProfiler.sys driver of AMD \u03bcProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1016",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1016"
}
]
},
"source": {
"advisory": "AMD-SB-1016",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26334",
"datePublished": "2021-12-01T15:43:24.387290Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-17T00:40:38.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}