CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31349
https://notcve.org/view.php?id=CVE-2023-31349
13 Aug 2024 — Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Incorrect default permissions in the AMD ?Prof installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001 • CWE-276: Incorrect Default Permissions •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31348
https://notcve.org/view.php?id=CVE-2023-31348
13 Aug 2024 — A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31341
https://notcve.org/view.php?id=CVE-2023-31341
13 Aug 2024 — Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service. Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD ?Prof may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20561 –
https://notcve.org/view.php?id=CVE-2023-20561
08 Aug 2023 — Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20556 –
https://notcve.org/view.php?id=CVE-2023-20556
08 Aug 2023 — Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2023-20562 –
https://notcve.org/view.php?id=CVE-2023-20562
08 Aug 2023 — Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. • https://github.com/zeze-zeze/HITCON-2023-Demo-CVE-2023-20562 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-23831
https://notcve.org/view.php?id=CVE-2022-23831
09 Nov 2022 — Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. Una validación insuficiente del búfer de entrada IOCTL en AMD ?Prof puede permitir que un atacante envíe un búfer arbitrario que provoque una posible falla del kernel de Windows que provoque una denegación de servicio. • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-27674
https://notcve.org/view.php?id=CVE-2022-27674
09 Nov 2022 — Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. Una validación insuficiente en el búfer de entrada/salida IOCTL en AMD ?Prof puede permitir a un atacante eludir las comprobaciones de límites, lo que podría provocar un fallo del kernel de Windows que provoque una denegación de servicio. • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046 •
CVSS: 9.9EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26334 – AMD Chipset Driver Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-26334
01 Dec 2021 — The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user. El controlador AMDPowerProfiler.sys de la herramienta AMD ?Prof puede permitir a los usuarios con menos privilegios acceder a los MSR en el kernel, lo que puede llevar a una escalada de privilegios y a la ejecución de código ring-0 por parte del usuario con menos privilegios • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1016 • CWE-284: Improper Access Control •