Amd Uprof vulnerabilities

9 known vulnerabilities affecting amd/uprof.

Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM6

Vulnerabilities

Page 1 of 1
CVE-2025-48510HIGHCVSS 7.1fixed in 5.0.1174fixed in 5.0.1223+1 more2025-11-24
CVE-2025-48510 [HIGH] CWE-394 CVE-2025-48510: Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially result Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability.
nvd
CVE-2025-48511MEDIUMCVSS 5.5fixed in 5.0.1174fixed in 5.0.1223+1 more2025-11-24
CVE-2025-48511 [MEDIUM] CWE-1285 CVE-2025-48511: Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physi Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service.
nvd
CVE-2025-29933MEDIUMCVSS 5.5fixed in 5.1.576fixed in 5.1.663+1 more2025-11-24
CVE-2025-29933 [MEDIUM] CWE-787 CVE-2025-29933: Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potent Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service
nvd
CVE-2025-48502MEDIUMCVSS 5.5fixed in 5.0.1174fixed in 5.0.1223+1 more2025-11-21
CVE-2025-48502 [MEDIUM] CWE-1285 CVE-2025-48502: Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, po Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service.
nvd
CVE-2024-36340MEDIUMCVSS 6.6fixed in 5.0.1174fixed in 5.0.1223+1 more2025-05-13
CVE-2024-36340 [MEDIUM] CWE-1386 CVE-2024-36340: A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure.
nvd
CVE-2023-31349HIGHCVSS 7.8fixed in 4.1.424fixed in 4.2.816+1 more2024-08-13
CVE-2023-31349 [HIGH] CWE-276 CVE-2023-31349: Incorrect default permissions in the AMD μProf installation directory could allow an attacker to ach Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
nvd
CVE-2023-31348HIGHCVSS 7.8fixed in 4.1.424fixed in 4.2.816+1 more2024-08-13
CVE-2023-31348 [HIGH] CWE-427 CVE-2023-31348: A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
nvd
CVE-2023-31341MEDIUMCVSS 5.5fixed in 4.1.424fixed in 4.2.816+1 more2024-08-13
CVE-2023-31341 [HIGH] CWE-284 CVE-2023-31341: Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an a Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.
nvd
CVE-2023-31366MEDIUMCVSS 5.5fixed in 4.1.424fixed in 4.2.816+1 more2024-08-13
CVE-2023-31366 [LOW] CWE-20 CVE-2023-31366: Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid addr Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service.
nvd