AMD uProf and Secure Processor Affected by Three Medium-Severity Flaws
Three medium-severity vulnerabilities were disclosed on June 9, 2026, impacting AMD uProf and the AMD Secure Processor, with potential for denial-of-service and integrity loss.
Key findings
- Three medium-severity vulnerabilities disclosed together on June 9, 2026.
- AMD uProf affected by resource allocation and kernel memory write flaws.
- AMD Secure Processor impacted by an IOMMU access control vulnerability.
- Potential impacts include denial of service and loss of data integrity.
- No specific affected versions or patch details were immediately available.
On June 9, 2026, a cluster of three medium-severity vulnerabilities was disclosed, affecting AMD's performance analysis tool, AMD uProf, and its AMD Secure Processor (ASP).
The vulnerabilities, all disclosed simultaneously, highlight potential weaknesses in resource management, access control, and hardware interface handling within AMD's software and hardware components.
Two of the disclosed issues specifically target AMD uProf. CVE-2026-28237 is an unrestricted resource allocation vulnerability that could allow an attacker to consume excessive system resources, leading to a denial of service. Complementing this, CVE-2026-0466 involves improper access control within AMD uProf, potentially enabling a local attacker with user privileges to write to kernel-shared memory. This could also result in a system crash or denial of service.
The third vulnerability, CVE-2025-54509, affects the input-output memory management unit (IOMMU) and the AMD Secure Processor (ASP). Improper access control for the register interface could permit a privileged attacker to cause non-coherent accesses by the ASP. This could potentially lead to a loss of data integrity.
While these vulnerabilities are classified as medium severity, their impact on system availability and data integrity warrants attention from users of the affected AMD products. The simultaneous disclosure suggests a coordinated review or discovery of these issues.
Details regarding specific affected versions or patch availability were not immediately detailed in the disclosures. Users are advised to monitor AMD's official security advisories for further information and guidance on mitigation or remediation steps. The nature of these vulnerabilities, particularly those involving resource allocation and kernel-level access, underscores the importance of maintaining up-to-date system software and security configurations.
This batch of vulnerabilities serves as a reminder for users to stay informed about security updates for critical system software and hardware components. Proactive patching and configuration management are essential to protect against potential exploitation that could lead to service disruptions or data compromise.