{ "id": "CVE-2023-31341", "sourceIdentifier": "psirt@amd.com", "published": "2024-08-13T17:15:21.087", "lastModified": "2025-02-26T07:14:52.160", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Insufficient\nvalidation of the Input Output Control (IOCTL) input buffer in AMD \u03bcProf may\nallow an authenticated attacker to cause an out-of-bounds write, potentially\ncausing a Windows\u00ae OS crash, resulting in denial of service." }, { "lang": "es", "value": "Una validaci\u00f3n insuficiente del b\u00fafer de entrada de control de entrada y salida (IOCTL) en AMD ?Prof puede\npermitir que un atacante autenticado provoque una escritura fuera de los l\u00edmites, lo que podr\u00eda\ncausar un bloqueo del sistema operativo Windows\u00ae y, como resultado, una denegaci\u00f3n de servicio." } ], "metrics": { "cvssMetricV31": [ { "source": "psirt@amd.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.3, "impactScore": 5.9 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "psirt@amd.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-284" } ] }, { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:amd:uprof:*:*:*:*:*:linux:*:*", "versionEndExcluding": "4.1.424", "matchCriteriaId": "4B13FA61-9E51-45AF-A0F8-0C3A518B390A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:amd:uprof:*:*:*:*:*:freebsd:*:*", "versionEndExcluding": "4.2.816", "matchCriteriaId": "50D6F227-1657-451F-AF90-A68B6A4BF03A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:amd:uprof:*:*:*:*:*:windows:*:*", "versionEndExcluding": "4.2.845", "matchCriteriaId": "E175F21E-6872-42B1-8C4C-6B473440EE12" } ] } ] } ], "references": [ { "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001", "source": "psirt@amd.com", "tags": [ "Vendor Advisory" ] } ] }