CVE-2023-31341 - Vulnerability Details - OpenCVE

Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Amd	Amd Uprof Uprof

Configuration 1 [-]

OR	cpe:2.3:a:amd:uprof::::::linux::*
	cpe:2.3:a:amd:uprof::::::freebsd::*
	cpe:2.3:a:amd:uprof::::::windows::*

No data.

References

Link	Providers
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001

History

Fri, 13 Dec 2024 16:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Amd uprof
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:amd:uprof::::::freebsd::* cpe:2.3:a:amd:uprof::::::linux::* cpe:2.3:a:amd:uprof::::::windows::*
Vendors & Products		Amd uprof

Tue, 13 Aug 2024 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Amd Amd amd Uprof
CPEs		cpe:2.3:a:amd:amd_uprof::::::::
Vendors & Products		Amd Amd amd Uprof
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 13 Aug 2024 17:15:00 +0000

Type	Values Removed	Values Added
Description		Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.
Weaknesses		CWE-284
References		https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001
Metrics		cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2024-08-13T16:57:07.052Z

Updated: 2024-08-13T17:51:06.170Z

Reserved: 2023-04-27T15:25:41.425Z

Link: CVE-2023-31341

Vulnrichment

Updated: 2024-08-13T17:50:54.454Z

NVD

Status : Analyzed

Published: 2024-08-13T17:15:21.087

Modified: 2024-12-13T16:22:04.967

Link: CVE-2023-31341

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-31341", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2023-04-27T15:25:41.425Z", "datePublished": "2024-08-13T16:57:07.052Z", "dateUpdated": "2024-08-13T17:51:06.170Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "\u03bcProf Tool", "vendor": "AMD", "versions": [{"lessThan": "3.4.494", "status": "affected", "version": "\u03bcProf Tool", "versionType": "custom"}]}], "datePublic": "2024-08-13T04:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insufficient\nvalidation of the Input Output Control (IOCTL) input buffer in AMD \u03bcProf may\nallow an authenticated attacker to cause an out-of-bounds write, potentially\ncausing a Windows\u00ae OS crash, resulting in denial of service.\n\n\n\n<br>"}], "value": "Insufficient\nvalidation of the Input Output Control (IOCTL) input buffer in AMD \u03bcProf may\nallow an authenticated attacker to cause an out-of-bounds write, potentially\ncausing a Windows\u00ae OS crash, resulting in denial of service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2024-08-13T16:57:07.052Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001"}], "source": {"advisory": "AMD-SB-1016", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2021-11-09T20:30:00.000Z", "ID": "CVE-2021-26334", "STATE": "PUBLIC", "TITLE": "AMD Chipset Driver Information Disclosure Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "\u03bcProf Tool", "version": {"version_data": [{"version_affected": "<", "version_name": "\u03bcProf Tool", "version_value": "3.4.494"}]}}]}, "vendor_name": "AMD"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The AMDPowerProfiler.sys driver of AMD \u03bcProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1016", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1016"}]}, "source": {"advisory": "AMD-SB-1016", "discovery": "EXTERNAL"}}}, "adp": [{"affected": [{"vendor": "amd", "product": "amd_uprof", "cpes": ["cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "4.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-13T17:35:08.732349Z", "id": "CVE-2023-31341", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-13T17:51:06.170Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-31341", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-13T17:35:08.732349Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*"], "vendor": "amd", "product": "amd_uprof", "versions": [{"status": "affected", "version": "0", "lessThan": "4.2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-13T17:50:54.454Z"}}], "cna": {"source": {"advisory": "AMD-SB-1016", "discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AMD", "product": "\u03bcProf Tool", "versions": [{"status": "affected", "version": "\u03bcProf Tool", "lessThan": "3.4.494", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2024-08-13T04:00:00.000Z", "references": [{"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001", "tags": ["x_refsource_MISC"]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "Insufficient\nvalidation of the Input Output Control (IOCTL) input buffer in AMD \u03bcProf may\nallow an authenticated attacker to cause an out-of-bounds write, potentially\ncausing a Windows\u00ae OS crash, resulting in denial of service.", "supportingMedia": [{"type": "text/html", "value": "Insufficient\nvalidation of the Input Output Control (IOCTL) input buffer in AMD \u03bcProf may\nallow an authenticated attacker to cause an out-of-bounds write, potentially\ncausing a Windows\u00ae OS crash, resulting in denial of service.\n\n\n\n<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2024-08-13T16:57:07.052Z"}, "x_legacyV4Record": {"source": {"advisory": "AMD-SB-1016", "discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_name": "\u03bcProf Tool", "version_value": "3.4.494", "version_affected": "<"}]}, "product_name": "\u03bcProf Tool"}]}, "vendor_name": "AMD"}]}}, "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1016", "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1016", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "The AMDPowerProfiler.sys driver of AMD \u03bcProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-26334", "STATE": "PUBLIC", "TITLE": "AMD Chipset Driver Information Disclosure Vulnerability", "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2021-11-09T20:30:00.000Z"}}}}, "cveMetadata": {"cveId": "CVE-2023-31341", "state": "PUBLISHED", "dateUpdated": "2024-08-13T17:51:06.170Z", "dateReserved": "2023-04-27T15:25:41.425Z", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "datePublished": "2024-08-13T16:57:07.052Z", "assignerShortName": "AMD"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:amd:uprof:*:*:*:*:*:linux:*:*", "matchCriteriaId": "4B13FA61-9E51-45AF-A0F8-0C3A518B390A", "versionEndExcluding": "4.1.424", "vulnerable": true}, {"criteria": "cpe:2.3:a:amd:uprof:*:*:*:*:*:freebsd:*:*", "matchCriteriaId": "50D6F227-1657-451F-AF90-A68B6A4BF03A", "versionEndExcluding": "4.2.816", "vulnerable": true}, {"criteria": "cpe:2.3:a:amd:uprof:*:*:*:*:*:windows:*:*", "matchCriteriaId": "E175F21E-6872-42B1-8C4C-6B473440EE12", "versionEndExcluding": "4.2.845", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient\nvalidation of the Input Output Control (IOCTL) input buffer in AMD ?Prof may\nallow an authenticated attacker to cause an out-of-bounds write, potentially\ncausing a Windows\u00ae OS crash, resulting in denial of service."}, {"lang": "es", "value": "Una validaci\u00f3n insuficiente del b\u00fafer de entrada de control de entrada y salida (IOCTL) en AMD ?Prof puede\npermitir que un atacante autenticado provoque una escritura fuera de los l\u00edmites, lo que podr\u00eda\ncausar un bloqueo del sistema operativo Windows\u00ae y, como resultado, una denegaci\u00f3n de servicio."}], "id": "CVE-2023-31341", "lastModified": "2024-12-13T16:22:04.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "psirt@amd.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-13T17:15:21.087", "references": [{"source": "psirt@amd.com", "tags": ["Vendor Advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "psirt@amd.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}