CVE-2022-27673 Inadequate access controls in the AMD Link Android app may result in information disclosure.

CVE-2022-27673 Inadequate access controls in the AMD Link Android app may result in information disclosure.

This information disclosure flaw is due to the fact that the AMD Link Android app does not restrict access to certain information based on the user’s role. As a result, privileged users (such as system administrators) can access information that is supposed to be viewed by only the system administrator. This information disclosure may result in system exploits, data leakage, and system-level impacts. Access to certain information (e.g. CPU model, OS version, memory size, etc.) can be limited based on a user’s role. However, this is not the case with the AMD Link Android app.

Vulnerability overview

A vulnerability has been discovered in the AMD Link Android app. The application does not restrict access to certain information based on the user’s role. As a result, privileged users (such as system administrators) can access information that is supposed to be viewed by only the system administrator. This information disclosure may result in system exploits, data leakage, and system-level impacts. Access to certain information (e.g. CPU model, OS version, memory size, etc.) can be limited based on a user’s role. However, this is not the case with the AMD Link Android app.

CVSS Scores and Impact

The following table shows the CVSS impact of this vulnerability:
CVSS Base Score (AV): 8.8
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:H
CVSS Temporal Score (Elderly): 7.6
CVE ID: CVE-2022-27673

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe