CVE-2025-29933

CWE-787 — Out-of-bounds Write CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 86.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Uprof

Timeline

PublishedNov 24

Description

Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDamd/uprof< 5.1.576+2

🔴Vulnerability Details

CVEList

CVE-2025-29933: Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service↗2025-11-24

▶

GHSA

GHSA-hfcq-p5vj-gm69: Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service↗2025-11-24

▶

📋Vendor Advisories

Microsoft

llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument.↗2023-05-09

▶