CVE-2023-20562

Published: 08/08/2023 Updated: 14/08/2023

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 0

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.

Vulnerable Product	Search on Vulmon	Subscribe to Product
amd amd uprof

DescriptionInsufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver, potentially leading to arbitrary kernel executionInsufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigne ...

HITCON 2023 Demo CVE-2023-20562 Description This demonstration took place at HITCON 2023 in Taiwan The demo highlights the exploitation of AMDCpuProfilersys within AMD μProf By triggering an arbitrary write on the EPROCESS token, privilege escalation to SYSTEM level is achieved Disabling the DSE flag allows loading of a malicious unsigned driver The presentation further

NVD-CWE-noinfo https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 https://nvd.nist.gov https://github.com/zeze-zeze/HITCON-2023-Demo-CVE-2023-20562 https://access.redhat.com/security/cve/cve-2023-20562

CVE-2023-20562

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect