CVE-2026-0466
Analyzed Analyzed - Analysis Complete

Improper Access Control in AMD uProf

Publication date: 2026-06-09

Last updated on: 2026-06-16

Assigner: Advanced Micro Devices Inc.

Description
Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-09
Last Modified
2026-06-16
Generated
2026-06-30
AI Q&A
2026-06-10
EPSS Evaluated
2026-06-28
NVD
CVE-2026-0466
EUVD
EUVD-2026-35767

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
amd uprof to 5.3.518 (exc)
amd uprof to 5.3.518 (exc)
amd uprof to 5.3.518 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-0466 is a vulnerability in AMD uProf, a performance analysis tool suite for x86-based applications on Windows, Linux, and FreeBSD.

The issue allows a local attacker with user privileges to write to memory mapped by the kernel. This happens because the driver creates a shared section object with a NULL security descriptor and exposes kernel pointers in shared memory, enabling potential writes to kernel-mapped memory.

Exploitation of this vulnerability could lead to system crashes or denial-of-service conditions.

Impact Analysis

This vulnerability can allow a local attacker with user privileges to write to kernel-shared memory, which can cause the system to crash or become unavailable.

The impact includes potential denial of service, disrupting normal system operations and possibly affecting system stability.

Detection Guidance

This vulnerability involves improper access control in AMD uProf allowing local user privilege writes to kernel-shared memory. Detection would focus on identifying the presence and version of AMD uProf installed on the system.

You can check the installed version of AMD uProf to determine if it is vulnerable by running commands such as:

  • On Linux: `amduprofc --version` or `amduprofc -v`
  • On Windows: Check the installed program version via Control Panel or run `amduprofc.exe --version` in Command Prompt or PowerShell if available.

Additionally, monitoring for unusual system crashes or denial-of-service symptoms related to kernel memory access could indicate exploitation attempts.

Mitigation Strategies

The primary mitigation step is to update AMD uProf to version 5.3 or higher, as AMD has released this update to address the vulnerability.

Until the update can be applied, restrict local user access to AMD uProf and avoid running it with user privileges that could exploit the vulnerability.

Monitoring system stability and access logs for suspicious activity related to AMD uProf usage is also recommended.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0466. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart