CVE-2023-31341

7.3 HIGH

📋 TL;DR

This vulnerability in AMD μProf allows authenticated attackers to trigger an out-of-bounds write through insufficient IOCTL input validation, potentially causing Windows OS crashes and denial of service. It affects users running AMD μProf on Windows systems.

💻 Affected Systems

Products:
  • AMD μProf
Versions: Specific versions not detailed in advisory; check AMD security bulletin for affected versions
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to execute μProf with sufficient privileges.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system crash leading to sustained denial of service, requiring physical intervention to restore functionality.

🟠 Likely Case

Temporary system instability or crash requiring reboot, disrupting user productivity and potentially causing data loss in unsaved work.

🟢 If Mitigated

Minimal impact with proper access controls preventing unauthorized users from executing μProf with elevated privileges.

🌐 Internet-Facing: LOW - Requires local authenticated access and μProf installation.
🏢 Internal Only: MEDIUM - Authenticated users with μProf access could disrupt systems, but requires specific conditions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access and understanding of IOCTL manipulation; no public exploit details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check AMD security bulletin SB-9001 for specific patched versions

Vendor Advisory: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001

Restart Required: Yes

Instructions:

1. Visit AMD security bulletin SB-9001
2. Download latest μProf version
3. Uninstall current version
4. Install updated version
5. Restart system

🔧 Temporary Workarounds

Restrict μProf Access (Windows)

Limit μProf installation and execution to trusted administrators only

Remove μProf (Windows)

Uninstall μProf from non-essential systems

Control Panel > Programs > Uninstall AMD μProf

🧯 If You Can't Patch

  • Restrict user permissions to prevent unauthorized μProf execution
  • Monitor systems for μProf crash events and investigate anomalies

🔍 How to Verify

Check if Vulnerable:

Compare the installed μProf version against the AMD security bulletin; a system running an affected version on Windows is vulnerable

Check Version:

Check μProf 'About' section or installation details

Verify Fix Applied:

Verify μProf version matches or exceeds patched version listed in AMD advisory

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs: System crashes, application errors from μProf
  • Security logs: Unusual process termination events

Network Indicators:

  • No network indicators - local vulnerability

SIEM Query:

(EventID=1000 OR EventID=1001) AND SourceName='Application Error' AND ProcessName LIKE '%μProf%'
