CVE-2023-20562 - Vulnerability Details

Vendors	Products
Amd	Amd Uprof Uprof Tool
Linux	Linux Kernel
Microsoft	Windows

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2023-20562
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7003.html
https://www.cve.org/CVERecord?id=CVE-2023-20562

Type	Values Removed	Values Added
First Time appeared		Amd uprof Tool
CPEs		cpe:2.3:a:amd:uprof_tool::::::::
Vendors & Products		Amd uprof Tool
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20562", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2022-10-27T18:53:39.747Z", "datePublished": "2023-08-08T17:13:50.810Z", "dateUpdated": "2024-10-10T19:09:22.207Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "platforms": ["x86", "Windows"], "product": "\u03bcProf", "vendor": "AMD", "versions": [{"lessThan": "4.1.396", "status": "affected", "version": "various", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["x86", "Linux"], "product": "\u03bcProf", "vendor": " AMD", "versions": [{"lessThan": "4.1-424", "status": "affected", "version": "various ", "versionType": "custom"}]}], "datePublic": "2023-08-08T16:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(248, 249, 250);\">\n\n\n\n<span style=\"background-color: rgb(248, 249, 250);\">Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.</span>\n\n\n\n\n\n\n\n</span>\n\n\n\n\n\n\n\n\n\n"}], "value": "\n\n\nInsufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2023-08-08T17:13:50.810Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"}], "source": {"advisory": "AMD-SB-7003", "discovery": "UNKNOWN"}, "title": " ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:05:36.231Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"}]}, {"affected": [{"vendor": "amd", "product": "uprof_tool", "cpes": ["cpe:2.3:a:amd:uprof_tool:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.1.396", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "4.1-424", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-10T18:41:00.791824Z", "id": "CVE-2023-20562", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T19:09:22.207Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-20562 (string)

assignerOrgId : b58fc414-a1e4-4f92-9d70-1add41838648 (string)

state : PUBLISHED (string)

assignerShortName : AMD (string)

dateReserved : 2022-10-27T18:53:39.747Z (string)

datePublished : 2023-08-08T17:13:50.810Z (string)

dateUpdated : 2024-10-10T19:09:22.207Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : affected (string)

platforms : [ »

0 : x86 (string)

1 : Windows (string)

]

product : μProf (string)

vendor : AMD (string)

versions : [ »

0 : { »

lessThan : 4.1.396 (string)

status : affected (string)

version : various (string)

versionType : custom (string)

}

]

}

1 : { »

defaultStatus : unaffected (string)

platforms : [ »

0 : x86 (string)

1 : Linux (string)

]

product : μProf (string)

vendor : AMD (string)

versions : [ »

0 : { »

lessThan : 4.1-424 (string)

status : affected (string)

version : various (string)

versionType : custom (string)

}

]

}

]

datePublic : 2023-08-08T16:30:00.000Z (string)

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. (string)

}

]

value : Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. (string)

}

]

providerMetadata : { »

orgId : b58fc414-a1e4-4f92-9d70-1add41838648 (string)

shortName : AMD (string)

dateUpdated : 2023-08-08T17:13:50.810Z (string)

}

references : [ »

0 : { »

tags : [ »

0 : vendor-advisory (string)

]

url : https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 (string)

}

]

source : { »

advisory : AMD-SB-7003 (string)

discovery : UNKNOWN (string)

}

title : (string)

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T09:05:36.231Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 (string)

}

]

}

1 : { »

affected : [ »

0 : { »

vendor : amd (string)

product : uprof_tool (string)

cpes : [ »

0 : cpe:2.3:a:amd:uprof_tool:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThan : 4.1.396 (string)

versionType : custom (string)

}

1 : { »

version : 0 (string)

status : affected (string)

lessThan : 4.1-424 (string)

versionType : custom (string)

}

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-10-10T18:41:00.791824Z (string)

id : CVE-2023-20562 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-10T19:09:22.207Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20562", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2022-10-27T18:53:39.747Z", "datePublished": "2023-08-08T17:13:50.810Z", "dateUpdated": "2024-10-10T19:09:22.207Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "platforms": ["x86", "Windows"], "product": "\u03bcProf", "vendor": "AMD", "versions": [{"lessThan": "4.1.396", "status": "affected", "version": "various", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["x86", "Linux"], "product": "\u03bcProf", "vendor": " AMD", "versions": [{"lessThan": "4.1-424", "status": "affected", "version": "various ", "versionType": "custom"}]}], "datePublic": "2023-08-08T16:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(248, 249, 250);\">\n\n\n\n<span style=\"background-color: rgb(248, 249, 250);\">Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.</span>\n\n\n\n\n\n\n\n</span>\n\n\n\n\n\n\n\n\n\n"}], "value": "\n\n\nInsufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2023-08-08T17:13:50.810Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"}], "source": {"advisory": "AMD-SB-7003", "discovery": "UNKNOWN"}, "title": " ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:05:36.231Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-20562", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-10T18:41:00.791824Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:amd:uprof_tool:*:*:*:*:*:*:*:*"], "vendor": "amd", "product": "uprof_tool", "versions": [{"status": "affected", "version": "0", "lessThan": "4.1.396", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "4.1-424", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T19:09:16.234Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-20562 (string)

assignerOrgId : b58fc414-a1e4-4f92-9d70-1add41838648 (string)

state : PUBLISHED (string)

assignerShortName : AMD (string)

dateReserved : 2022-10-27T18:53:39.747Z (string)

datePublished : 2023-08-08T17:13:50.810Z (string)

dateUpdated : 2024-10-10T19:09:22.207Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : affected (string)

platforms : [ »

0 : x86 (string)

1 : Windows (string)

]

product : μProf (string)

vendor : AMD (string)

versions : [ »

0 : { »

lessThan : 4.1.396 (string)

status : affected (string)

version : various (string)

versionType : custom (string)

}

]

}

1 : { »

defaultStatus : unaffected (string)

platforms : [ »

0 : x86 (string)

1 : Linux (string)

]

product : μProf (string)

vendor : AMD (string)

versions : [ »

0 : { »

lessThan : 4.1-424 (string)

status : affected (string)

version : various (string)

versionType : custom (string)

}

]

}

]

datePublic : 2023-08-08T16:30:00.000Z (string)

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. (string)

}

]

value : Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. (string)

}

]

providerMetadata : { »

orgId : b58fc414-a1e4-4f92-9d70-1add41838648 (string)

shortName : AMD (string)

dateUpdated : 2023-08-08T17:13:50.810Z (string)

}

references : [ »

0 : { »

tags : [ »

0 : vendor-advisory (string)

]

url : https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 (string)

}

]

source : { »

advisory : AMD-SB-7003 (string)

discovery : UNKNOWN (string)

}

title : (string)

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T09:05:36.231Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 (string)

}

]

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-20562 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-10-10T18:41:00.791824Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:a:amd:uprof_tool:*:*:*:*:*:*:*:* (string)

]

vendor : amd (string)

product : uprof_tool (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : 4.1.396 (string)

versionType : custom (string)

}

1 : { »

status : affected (string)

version : 0 (string)

lessThan : 4.1-424 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-10T19:09:16.234Z (string)

}

]

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB1EF217-6C1D-4FED-8F8E-4AD79D74A536", "versionEndExcluding": "4.1.396", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFC64885-C3DE-4FFB-8AD4-4B96722EC6D4", "versionEndExcluding": "4.1-424", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\n\n\nInsufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"}], "id": "CVE-2023-20562", "lastModified": "2024-11-21T07:41:07.423", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-08T18:15:11.467", "references": [{"source": "psirt@amd.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:* (string)

matchCriteriaId : AB1EF217-6C1D-4FED-8F8E-4AD79D74A536 (string)

versionEndExcluding : 4.1.396 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A2572D17-1DE6-457B-99CC-64AFD54487EA (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:* (string)

matchCriteriaId : BFC64885-C3DE-4FFB-8AD4-4B96722EC6D4 (string)

versionEndExcluding : 4.1-424 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 703AF700-7A70-47E2-BC3A-7FD03B3CA9C1 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. (string)

}

]

id : CVE-2023-20562 (string)

lastModified : 2024-11-21T07:41:07.423 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-08-08T18:15:11.467 (string)

references : [ »

0 : { »

source : psirt@amd.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 (string)

}

]

sourceIdentifier : psirt@amd.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "hw: amd: uProf allow unsigned driver to load", "id": "2224044", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224044"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-782", "details": ["Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.", "Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver, potentially leading to arbitrary kernel execution."], "mitigation": {"lang": "en:us", "value": "Please contact AMD support for updates."}, "name": "CVE-2023-20562", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-08-08T06:30:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-20562\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-20562\nhttps://www.amd.com/en/resources/product-security/bulletin/amd-sb-7003.html"], "threat_severity": "Important"}

{

bugzilla : { »

description : hw: amd: uProf allow unsigned driver to load (string)

id : 2224044 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2224044 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 8.8 (string)

cvss3_scoring_vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H (string)

status : draft (string)

}

cwe : CWE-782 (string)

details : [ »

0 : Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. (string)

1 : Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver, potentially leading to arbitrary kernel execution. (string)

]

mitigation : { »

lang : en:us (string)

value : Please contact AMD support for updates. (string)

}

name : CVE-2023-20562 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)