CVE-2023-31341

Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:amd:uprof::::::linux::*
	cpe:2.3:a:amd:uprof::::::freebsd::*
	cpe:2.3:a:amd:uprof::::::windows::*

History

26 Feb 2025, 07:14

Type	Values Removed	Values Added
Summary	(en) Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD ?Prof may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.	(en) Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.

13 Dec 2024, 16:22

Type	Values Removed	Values Added
First Time		Amd uprof Amd
CWE		NVD-CWE-noinfo
References	~~() https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001 -~~	() https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001 - Vendor Advisory
CPE		cpe:2.3:a:amd:uprof::::::windows::* cpe:2.3:a:amd:uprof::::::linux::* cpe:2.3:a:amd:uprof::::::freebsd::*
Summary	(en) Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.	(en) Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD ?Prof may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.

21 Nov 2024, 08:01

Type	Values Removed	Values Added
Summary		(es) Una validación insuficiente del búfer de entrada de control de entrada y salida (IOCTL) en AMD ?Prof puede permitir que un atacante autenticado provoque una escritura fuera de los límites, lo que podría causar un bloqueo del sistema operativo Windows® y, como resultado, una denegación de servicio.
Summary	(en) Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD ?Prof may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.	(en) Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.

14 Aug 2024, 02:07

Type	Values Removed	Values Added
Summary	(en) Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.	(en) Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD ?Prof may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.

13 Aug 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-13 17:15

Updated : 2025-02-26 07:14

NVD link : CVE-2023-31341

Mitre link : CVE-2023-31341

CVE.ORG link : CVE-2023-31341

JSON object : View

Products Affected

amd

uprof

CWE

CWE-284

Improper Access Control

NVD-CWE-noinfo

{"id": "CVE-2023-31341", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@amd.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-08-13T17:15:21.087", "references": [{"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001", "tags": ["Vendor Advisory"], "source": "psirt@amd.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@amd.com", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Insufficient\nvalidation of the Input Output Control (IOCTL) input buffer in AMD \u03bcProf may\nallow an authenticated attacker to cause an out-of-bounds write, potentially\ncausing a Windows\u00ae OS crash, resulting in denial of service."}, {"lang": "es", "value": "Una validaci\u00f3n insuficiente del b\u00fafer de entrada de control de entrada y salida (IOCTL) en AMD ?Prof puede\npermitir que un atacante autenticado provoque una escritura fuera de los l\u00edmites, lo que podr\u00eda\ncausar un bloqueo del sistema operativo Windows\u00ae y, como resultado, una denegaci\u00f3n de servicio."}], "lastModified": "2025-02-26T07:14:52.160", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:amd:uprof:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "4B13FA61-9E51-45AF-A0F8-0C3A518B390A", "versionEndExcluding": "4.1.424"}, {"criteria": "cpe:2.3:a:amd:uprof:*:*:*:*:*:freebsd:*:*", "vulnerable": true, "matchCriteriaId": "50D6F227-1657-451F-AF90-A68B6A4BF03A", "versionEndExcluding": "4.2.816"}, {"criteria": "cpe:2.3:a:amd:uprof:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "E175F21E-6872-42B1-8C4C-6B473440EE12", "versionEndExcluding": "4.2.845"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@amd.com"}

7.3 /10