uprof
by AMD
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-20562 | Hig | 0.51 | 7.8 | 0.01 | Aug 8, 2023 | Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. | ||
| CVE-2024-36340 | Med | 0.43 | 6.6 | 0.00 | May 13, 2025 | A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure. | ||
| CVE-2026-28237 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability. | ||
| CVE-2026-0466 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service. | ||
| CVE-2025-29933 | 0.00 | — | 0.00 | Nov 24, 2025 | Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service | |||
| CVE-2025-48511 | 0.00 | — | 0.00 | Nov 24, 2025 | Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service. | |||
| CVE-2025-48510 | 0.00 | — | 0.00 | Nov 24, 2025 | Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability. | |||
| CVE-2025-48502 | 0.00 | — | 0.00 | Nov 21, 2025 | Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service. |
- risk 0.51cvss 7.8epss 0.01
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.
- risk 0.43cvss 6.6epss 0.00
A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure.
- risk 0.36cvss 5.5epss 0.00
Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability.
- risk 0.36cvss 5.5epss 0.00
Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service.
- CVE-2025-29933Nov 24, 2025risk 0.00cvss —epss 0.00
Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service
- CVE-2025-48511Nov 24, 2025risk 0.00cvss —epss 0.00
Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service.
- CVE-2025-48510Nov 24, 2025risk 0.00cvss —epss 0.00
Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability.
- CVE-2025-48502Nov 21, 2025risk 0.00cvss —epss 0.00
Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service.