AMD μProf Security Bulletin
Bulletin ID: AMD-SB-1046
Potential Impact: Denial of service
Severity: Medium
Summary
AMD μProf (“MICRO-prof”) is a software profiling analysis tool for x86 applications running on Windows, Linux and FreeBSD operating systems and provides event information unique to the AMD “Zen”-based processors and AMD INSTINCT™ MI Series accelerators. AMD μProf enables the developer to better understand the limiters of application performance and evaluate improvements.
An external researcher reported a vulnerability in AMD μProf where insufficient validation of inputs to the IOCTL buffer could potentially allow an attacker to cause a Windows kernel crash resulting in a denial of service.
CVE-2022-23831
Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.
CVE-2022-27674
Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.
Affected Products
AMD μProf
Mitigation
AMD recommends updating AMD μProf to the following versions:
OS | Version |
FreeBSD | AMDuProf_FreeBSD_x64_3.6.549.tar.bz2 |
Windows | AMDuProf-3.6.839.exe |
Linux | AMDuProf_Linux_x64_3.6.449.tar.bz2 |
Linux | amduprof_3.6-449_amd64.deb |
Linux | amduprof-3.6-449.x86_64.rpm |
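The fixed build number differs per operating system, so a single version threshold across a fleet gives wrong answers. The following check is an added example, not AMD code: it parses the artifact naming styles shown in the table above and compares each host against the fixed build for its OS. The host names, the inventory format and the rule that any lower build counts as unpatched are assumptions.

```python
import re

# Fixed builds per OS, taken from the bulletin's mitigation table.
FIXED_BUILDS = {
    "freebsd": (3, 6, 549),
    "windows": (3, 6, 839),
    "linux": (3, 6, 449),
}

# Accepts "3.6.449" (installer/tarball names) and "3.6-449" (deb/rpm names).
_VERSION_RE = re.compile(r"(?<!\d)(\d+)\.(\d+)[.-](\d+)(?!\d)")


def parse_version(text):
    """Extract (major, minor, build) from a version string or artifact name."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no uProf version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def needs_update(os_name, version_text):
    """True if the version is older than the bulletin's fixed build for that OS.

    Assumption: anything below the listed build is treated as unpatched.
    """
    try:
        fixed = FIXED_BUILDS[os_name.lower()]
    except KeyError:
        raise ValueError(f"OS not covered by the bulletin: {os_name!r}") from None
    return parse_version(version_text) < fixed


def audit(inventory):
    """Return hostnames whose uProf install is below the fixed build."""
    return [host for host, os_name, ver in inventory if needs_update(os_name, ver)]


# Constructed inventory (hypothetical hosts), e.g. exported from an asset database.
SAMPLE_INVENTORY = [
    ("build-01", "Linux", "amduprof_3.6-449_amd64.deb"),
    ("build-02", "Linux", "amduprof-3.5-671.x86_64.rpm"),
    ("perf-win-01", "Windows", "3.6.449"),
    ("perf-win-02", "Windows", "AMDuProf-3.6.839.exe"),
    ("bsd-lab", "FreeBSD", "3.6.549"),
]

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: update AMD uProf")
```

Build 3.6.449 is the fixed release on Linux but is below the fixed Windows build, which is why the comparison is keyed by OS.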
Acknowledgement
AMD thanks Thiago Peixoto for reporting these issues and engaging in coordinated vulnerability disclosure.
Revisions
Revision Date | Description |
11/8/2022 | Initial publication |