Vulnerability Details : CVE-2023-31349
Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
Vulnerability category: Gain privilege
Products affected by CVE-2023-31349
- cpe:2.3:a:amd:uprof:*:*:*:*:*:linux:*:*
- cpe:2.3:a:amd:uprof:*:*:*:*:*:freebsd:*:*
- cpe:2.3:a:amd:uprof:*:*:*:*:*:windows:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-31349
0.02%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 4 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-31349
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.3
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
N/A
|
N/A
|
Advanced Micro Devices Inc. | 2024-08-13 |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | 2024-12-03 |
|
7.3
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
1.3
|
5.9
|
Advanced Micro Devices Inc. | 2024-08-13 |
CWE ids for CVE-2023-31349
-
During installation, installed file permissions are set to allow anyone to modify those files.Assigned by:
- b58fc414-a1e4-4f92-9d70-1add41838648 (Primary)
- nvd@nist.gov (Primary)
- psirt@amd.com (Secondary)
References for CVE-2023-31349
-
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001
AMD µPROF Security NoticeVendor Advisory
Jump to