Description
Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability.
Published: 2026-06-09
Score: 6.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

AMD uProf allows unrestricted allocation of system resources. An attacker that can trigger this allocation can drain available memory or CPU, leading to a loss of availability of the affected system. The flaw is a classic uncontrolled resource consumption weakness as reflected by CWE‑770.

Affected Systems

The vulnerability affects AMD uProf, with no specific version information disclosed. The impact applies to all installations of this profiling tool where the resource allocation limits are not enforced.

Risk and Exploitability

The CVSS score of 6.8 indicates a moderate severity. EPSS data is unavailable, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector requires the ability to invoke AMD uProf or trigger its resource allocation routines, implying either local privilege or a compromised privileged process. No public exploit is known, but the risk is that an attacker with sufficient access could exhaust resources and cause a denial of service.

Generated by OpenCVE AI on June 9, 2026 at 21:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available AMD uProf update from AMD’s product security site.
  • If no patch is available, disable the AMD uProf service or profile functionalities to prevent unauthorized resource allocation.
  • Monitor system resources for unexpected spikes and enforce OS level limits (e.g., cgroups) to contain potential depletion.

Generated by OpenCVE AI on June 9, 2026 at 21:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Title Unrestricted Resource Allocation in AMD uProf Leading to Denial of Service

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Description Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability.
Weaknesses CWE-770
References
Metrics cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-06-09T18:58:30.614Z

Reserved: 2026-02-25T15:31:43.695Z

Link: CVE-2026-28237

cve-icon Vulnrichment

Updated: 2026-06-09T18:58:26.955Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T18:16:37.897

Modified: 2026-06-09T19:30:24.713

Link: CVE-2026-28237

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T21:15:05Z

Weaknesses