CVE-2022-27674

Summary

Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.

Affected Software

VendorProductVersion RangeStatus
AMDAMD μProfAMDuProf_FreeBSD_x64 < 3.6.549affected
AMDAMD μProfAMDuProf Windows < 3.6.839affected
AMDAMD μProfAMDuProf Linux < 3.6-449affected

Weaknesses

  • NA

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References