This information disclosure flaw is due to the fact that the AMD Link Android app does not restrict access to certain information based on the user’s role. As a result, privileged users (such as system administrators) can access information that is supposed to be viewed by only the system administrator. This information disclosure may result in system exploits, data leakage, and system-level impacts. Access to certain information (e.g. CPU model, OS version, memory size, etc.) can be limited based on a user’s role. However, this is not the case with the AMD Link Android app.
Vulnerability overview
A vulnerability has been discovered in the AMD Link Android app. The application does not restrict access to certain information based on the user’s role. As a result, privileged users (such as system administrators) can access information that is supposed to be viewed by only the system administrator. This information disclosure may result in system exploits, data leakage, and system-level impacts. Access to certain information (e.g. CPU model, OS version, memory size, etc.) can be limited based on a user’s role. However, this is not the case with the AMD Link Android app.
CVSS Scores and Impact
The following table shows the CVSS impact of this vulnerability:
CVSS Base Score (AV): 8.8
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:H
CVSS Temporal Score (Elderly): 7.6
CVE ID: CVE-2022-27673
Timeline
Published on: 11/09/2022 21:15:00 UTC
Last modified on: 11/16/2022 23:21:00 UTC