μProf
by AMD
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-26334 | Cri | 0.64 | 9.9 | 0.01 | Dec 1, 2021 | The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user. | ||
| CVE-2023-20562 | Hig | 0.51 | 7.8 | 0.01 | Aug 8, 2023 | Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. | ||
| CVE-2022-27674 | Hig | 0.49 | 7.5 | 0.01 | Nov 9, 2022 | Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. | ||
| CVE-2022-23831 | Hig | 0.49 | 7.5 | 0.01 | Nov 9, 2022 | Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. | ||
| CVE-2025-61969 | Hig | 0.46 | — | 0.00 | Feb 11, 2026 | Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||
| CVE-2023-20561 | Med | 0.36 | 5.5 | 0.00 | Aug 8, 2023 | Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service. | ||
| CVE-2023-20556 | Med | 0.36 | 5.5 | 0.00 | Aug 8, 2023 | Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service. | ||
| CVE-2025-29933 | 0.00 | — | 0.00 | Nov 24, 2025 | Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service | |||
| CVE-2025-48511 | 0.00 | — | 0.00 | Nov 24, 2025 | Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service. | |||
| CVE-2025-48510 | 0.00 | — | 0.00 | Nov 24, 2025 | Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability. | |||
| CVE-2025-48502 | 0.00 | — | 0.00 | Nov 21, 2025 | Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service. | |||
| CVE-2024-36340 | 0.00 | — | 0.00 | May 13, 2025 | A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure. | |||
| CVE-2023-31366 | 0.00 | — | 0.00 | Aug 13, 2024 | Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service. | |||
| CVE-2023-31349 | 0.00 | — | 0.00 | Aug 13, 2024 | Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||
| CVE-2023-31348 | 0.00 | — | 0.00 | Aug 13, 2024 | A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||
| CVE-2023-31341 | 0.00 | — | 0.00 | Aug 13, 2024 | Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service. |
- risk 0.64cvss 9.9epss 0.01
The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user.
- risk 0.51cvss 7.8epss 0.01
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.
- risk 0.49cvss 7.5epss 0.01
Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.
- risk 0.49cvss 7.5epss 0.01
Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.
- risk 0.46cvss —epss 0.00
Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
- risk 0.36cvss 5.5epss 0.00
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.
- risk 0.36cvss 5.5epss 0.00
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.
- CVE-2025-29933Nov 24, 2025risk 0.00cvss —epss 0.00
Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service
- CVE-2025-48511Nov 24, 2025risk 0.00cvss —epss 0.00
Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service.
- CVE-2025-48510Nov 24, 2025risk 0.00cvss —epss 0.00
Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability.
- CVE-2025-48502Nov 21, 2025risk 0.00cvss —epss 0.00
Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service.
- CVE-2024-36340May 13, 2025risk 0.00cvss —epss 0.00
A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure.
- CVE-2023-31366Aug 13, 2024risk 0.00cvss —epss 0.00
Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service.
- CVE-2023-31349Aug 13, 2024risk 0.00cvss —epss 0.00
Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
- CVE-2023-31348Aug 13, 2024risk 0.00cvss —epss 0.00
A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
- CVE-2023-31341Aug 13, 2024risk 0.00cvss —epss 0.00
Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.