Description
Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service.
Published: 2026-06-09
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper access control within the AMD µProf tool enables a local attacker with standard user privileges to write to a kernel‑shared memory region. This capability can cause a system crash or denial of service, disrupting availability for users. The weakness corresponds to CWE‑497, which reflects insufficient enforcement of access restrictions on privileged resources.

Affected Systems

The vulnerability affects AMD µProf, the performance profiling component of AMD drivers. Specific version numbers are not disclosed in the advisory; administrators should verify all deployed µProf installations for exposure, as any version prior to the vendor’s update could potentially be impacted.

Risk and Exploitability

The CVSS score of 6.8 indicates a moderate risk to the affected system. Because the exploit requires local access and user privileges, an adversary must already have some foothold on the machine. The EPSS score is unavailable, and the vulnerability is not listed in CISA KEV, suggesting that publicly known exploitation is currently limited. Nonetheless, local exploitation could immediately crash the system, so vigilance remains warranted.

Generated by OpenCVE AI on June 9, 2026 at 21:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest AMD uProf security update or patch that addresses the improper access control issue.
  • Enforce strict access controls on the kernel‑shared memory area, limiting write permissions to trusted system processes and preventing ordinary user accounts from performing write operations.
  • Monitor system stability and kernel logs for repeated crashes or abnormal memory access activity, and configure alerts if such events occur.

Generated by OpenCVE AI on June 9, 2026 at 21:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Amd uprof
CPEs cpe:2.3:a:amd:uprof:*:*:*:*:*:freebsd:*:*
cpe:2.3:a:amd:uprof:*:*:*:*:*:linux:*:*
cpe:2.3:a:amd:uprof:*:*:*:*:*:windows:*:*
Vendors & Products Amd uprof
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Wed, 10 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Amd
Amd amd Uprof
Vendors & Products Amd
Amd amd Uprof

Tue, 09 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via Improper Access Control in AMD uProf

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Description Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service.
Weaknesses CWE-497
References
Metrics cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Amd Amd Uprof Uprof
cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-06-09T18:57:37.132Z

Reserved: 2025-12-06T15:11:22.297Z

Link: CVE-2026-0466

cve-icon Vulnrichment

Updated: 2026-06-09T18:57:29.876Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-09T18:16:33.993

Modified: 2026-06-16T18:05:33.723

Link: CVE-2026-0466

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T11:00:14Z

Weaknesses
  • CWE-497

    Exposure of Sensitive System Information to an Unauthorized Control Sphere