CVE-2023-31349

7.3 HIGH

📋 TL;DR

Incorrect default permissions in AMD μProf installation directory allow local attackers to modify files, potentially leading to privilege escalation and arbitrary code execution. This affects systems with AMD μProf installed, particularly where multiple users have access.

💻 Affected Systems

Products:
  • AMD μProf
Versions: All versions prior to the fix
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access to the system with AMD μProf installed

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attacker gains SYSTEM/root privileges and executes arbitrary code with full system control

🟠 Likely Case: Local authenticated user escalates privileges to install malware, access sensitive data, or modify system configurations

🟢 If Mitigated: Attack prevented through proper file permissions and user access controls

🌐 Internet-Facing: LOW - Requires local access to the system
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this for privilege escalation

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local authenticated access; exploitation involves modifying files in the installation directory

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to latest version as specified in AMD advisory

Vendor Advisory: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001

Restart Required: Yes

Instructions:

1. Download latest AMD μProf version from AMD website.
2. Uninstall current version.
3. Install updated version.
4. Restart system.

🔧 Temporary Workarounds

Restrict installation directory permissions (all platforms)

Manually set restrictive file permissions on the AMD μProf installation directory and its contents, so that only administrators or root can write to them

Windows: icacls "C:\Program Files\AMD\μProf" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" "Users:(OI)(CI)RX"
Linux: chown -R root:root /opt/amd/μprof && chmod 755 /opt/amd/μprof && chmod -R go-w /opt/amd/μprof

🧯 If You Can't Patch

  • Remove AMD μProf from systems where it's not essential
  • Implement strict access controls and monitor for unauthorized file modifications in the installation directory

🔍 How to Verify

Check if Vulnerable:

Check if AMD μProf is installed and review installation directory permissions for excessive write access

Check Version:

Windows: μProf --version or check in Programs and Features; Linux: μprof --version

Verify Fix Applied:

Verify updated version is installed and installation directory has proper restrictive permissions
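
The permission review described under "Check if Vulnerable" and "Verify Fix Applied" can be scripted on Linux. The following is an added example, not AMD's or this page's own tooling; the function names and the optional owner argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report entries in an install tree that a non-owner could modify.
# Function names and the OWNER argument are hypothetical, not part of any AMD tool.

# writable_entries DIR
#   Prints every non-symlink entry that is group- or world-writable.
writable_entries() {
    find "$1" ! -type l \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null
}

# foreign_owned_entries DIR OWNER
#   Prints every entry not owned by OWNER (user name or numeric uid).
#   Symlinks are included: a link owned by another user can be repointed.
foreign_owned_entries() {
    find "$1" ! -user "$2" -print 2>/dev/null
}

# audit_install_dir DIR [OWNER]
#   Lists findings with ls -ld.
#   Returns 0 when clean, 1 on findings, 2 when DIR does not exist.
audit_install_dir() {
    dir=$1
    owner=${2:-root}
    if [ ! -d "$dir" ]; then
        echo "no installation directory at $dir" >&2
        return 2
    fi
    findings=$( { writable_entries "$dir"
                  foreign_owned_entries "$dir" "$owner"; } | sort -u )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" | while IFS= read -r path; do
            ls -ld "$path"
        done
        return 1
    fi
    return 0
}

# Run only when a directory is given, e.g.: sh audit.sh /opt/amd/μprof
[ "$#" -eq 0 ] || audit_install_dir "$@"
```

A non-zero exit status means the tree still contains entries that an unprivileged local user could modify, before or after the update.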

📡 Detection & Monitoring

Log Indicators:

  • File modification events in AMD μProf installation directory
  • Unexpected privilege escalation attempts

Network Indicators:

  • None - local attack only

SIEM Query:

(EventID=4663 OR EventID=4656) AND ObjectName contains "AMD\\μProf" AND AccessMask contains "WRITE"
