Description
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver, potentially leading to arbitrary kernel execution.
Exploits (2)
nomisec · WORKING POC · 61 stars · by zeze-zeze · poc
https://github.com/zeze-zeze/HITCON-2023-Demo-CVE-2023-20562
nomisec · WORKING POC · 4 stars · by passwa11 · poc
https://github.com/passwa11/HITCON-2023-Demo-CVE-2023-20562
References (1)
Core References
Patch, Vendor Advisory vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003
Scores
CVSS v3: 7.8
EPSS: 0.1023
EPSS Percentile: 93.2%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
Status: published
Products (1): amd/amd_uprof < 4.1.396
Published: Aug 08, 2023
Tracked Since: Feb 18, 2026