{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-23831", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "datePublished": "2022-11-08T00:00:00", "dateUpdated": "2022-11-09T00:00:00", "dateReserved": "2022-01-21T00:00:00"}, "containers": {"cna": {"datePublic": "2022-11-08T00:00:00", "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2022-11-09T00:00:00"}, "descriptions": [{"lang": "en", "value": "Insufficient validation of the IOCTL input buffer in AMD \u03bcProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service."}], "affected": [{"vendor": "AMD", "product": "AMD \u03bcProf ", "versions": [{"version": "AMDuProf_FreeBSD_x64", "status": "affected", "lessThan": "3.6.549", "versionType": "custom"}, {"version": "AMDuProf Windows", "status": "affected", "lessThan": "3.6.839", "versionType": "custom"}, {"version": "AMDuProf Linux", "status": "affected", "lessThan": "3.6-449", "versionType": "custom"}]}], "references": [{"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "NA"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "AMD-SB-1046", "discovery": "EXTERNAL"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*", "matchCriteriaId": "F198CD40-B926-49C8-9FDA-D5853A7FF4EA", "versionEndExcluding": "3.6.549", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B2AEFCC-A2F6-45A6-A2EF-24F7906E44E2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAC6A7D5-0F04-4473-9480-EBC7A8860ABE", "versionEndExcluding": "3.6.839", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:amd:amd_uprof:*:*:*:*:*:*:*:*", "matchCriteriaId": "738F3D59-9A14-4DCD-B1EE-30E07EC362D3", "versionEndExcluding": "3.6.449", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Insufficient validation of the IOCTL input buffer in AMD \u03bcProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service."}, {"lang": "es", "value": "Una validaci\u00f3n insuficiente del b\u00fafer de entrada IOCTL en AMD ?Prof puede permitir que un atacante env\u00ede un b\u00fafer arbitrario que provoque una posible falla del kernel de Windows que provoque una denegaci\u00f3n de servicio."}], "id": "CVE-2022-23831", "lastModified": "2023-11-07T03:44:19.953", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-09T21:15:13.817", "references": [{"source": "psirt@amd.com", "tags": ["Vendor Advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}