CVE-2023-20562

Name of the Vulnerable Software and Affected Versions AMD uProf (affected versions not specified)

Description Insufficient validation in the IOCTL input buffer in AMD uProf may allow an authenticated user to load an unsigned driver, potentially leading to arbitrary kernel execution. The issue can be exploited to achieve privilege escalation to the SYSTEM level. A demonstration at HITCON 2023 showed the exploitation of AMDCpuProfiler.sys within AMD μProf, allowing for the loading of a malicious unsigned driver and enabling execution of malicious actions on the processes of 360 Total Security.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.