Description
Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service.
Published: 2026-06-09
Score: 6.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper access control within the AMD µProf tool enables a local attacker with standard user privileges to write to a kernel‑shared memory region. This capability can cause a system crash or denial of service, disrupting availability for users. The weakness corresponds to CWE‑497, which reflects insufficient enforcement of access restrictions on privileged resources.

Affected Systems

The vulnerability affects AMD µProf, the performance profiling component of AMD drivers. Specific version numbers are not disclosed in the advisory; administrators should verify all deployed µProf installations for exposure, as any version prior to the vendor’s update could potentially be impacted.

Risk and Exploitability

The CVSS score of 6.8 indicates a moderate risk to the affected system. Because the exploit requires local access and user privileges, an adversary must already have some foothold on the machine. The EPSS score is unavailable, and the vulnerability is not listed in CISA KEV, suggesting that publicly known exploitation is currently limited. Nonetheless, local exploitation could immediately crash the system, so vigilance remains warranted.

Generated by OpenCVE AI on June 9, 2026 at 21:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest AMD uProf security update or patch that addresses the improper access control issue.
  • Enforce strict access controls on the kernel‑shared memory area, limiting write permissions to trusted system processes and preventing ordinary user accounts from performing write operations.
  • Monitor system stability and kernel logs for repeated crashes or abnormal memory access activity, and configure alerts if such events occur.

Generated by OpenCVE AI on June 9, 2026 at 21:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via Improper Access Control in AMD uProf

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Description Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service.
Weaknesses CWE-497
References
Metrics cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-06-09T18:57:37.132Z

Reserved: 2025-12-06T15:11:22.297Z

Link: CVE-2026-0466

cve-icon Vulnrichment

Updated: 2026-06-09T18:57:29.876Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T18:16:33.993

Modified: 2026-06-09T19:30:24.713

Link: CVE-2026-0466

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T21:15:05Z

Weaknesses