Bug 2224044 (CVE-2023-20562) - CVE-2023-20562 hw: amd: uProf allow unsigned driver to load
Summary: CVE-2023-20562 hw: amd: uProf allow unsigned driver to load
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2023-20562
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2224053
TreeView+ depends on / blocked
 
Reported: 2023-07-19 16:30 UTC by Rohit Keshri
Modified: 2023-08-08 21:38 UTC (History)
43 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2023-08-08 21:38:16 UTC
Embargoed:

Attachments (Terms of Use)

Description Rohit Keshri 2023-07-19 16:30:56 UTC 
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.

AMD μProf (“MICRO-prof”) is a software profiling analysis tool for x86 applications running on Windows, Linux and FreeBSD operating systems and provides event information unique to the AMD “Zen”-based processors and AMD INSTINCTTM MI Series accelerators. AMD μProf enables the developer to better understand application performance and evaluate potential improvements.

Refer:
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7003.html
Comment 5 Product Security DevOps Team 2023-08-08 21:38:12 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-20562
Note You need to log in before you can comment on or make changes to this bug.