CVE-2021-26334

CWE-284 — Improper Access Control CWE-269 — Improper Privilege Management3 documents3 sources

Severity

9.9CRITICAL

EPSS

0.5%

top 33.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Μprof Tool AMD AMD Uprof

Timeline

PublishedDec 1

Latest updateDec 2

Description

The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5amd/μprof_toolμProf Tool — 3.4.494

▶NVDamd/amd_uprof< 3.4.494+1

🔴Vulnerability Details

GHSA

GHSA-4xjc-qqh2-pgwj: The AMDPowerProfiler↗2021-12-02

▶

CVEList

AMD Chipset Driver Information Disclosure Vulnerability↗2021-12-01

▶