Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for AMD μProf by AMD
CVE-2025-48511 (GCVE-0-2025-48511)
Vulnerability from nvd – Published: 2025-11-24 21:00 – Updated: 2025-11-24 21:13
VLAI?
Summary
Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service.
Severity ?
5.5 (Medium)
CWE
- CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
Assigner
References
Date Public ?
2025-11-24 21:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T21:12:56.753582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T21:13:33.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD \u03bcProf",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported through AMD Bug Bounty Program"
}
],
"datePublic": "2025-11-24T21:00:11.556Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service. \u003cbr\u003e"
}
],
"value": "Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1285",
"description": "CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T21:00:32.010Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9019.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-48511",
"datePublished": "2025-11-24T21:00:32.010Z",
"dateReserved": "2025-05-22T16:34:02.896Z",
"dateUpdated": "2025-11-24T21:13:33.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48510 (GCVE-0-2025-48510)
Vulnerability from nvd – Published: 2025-11-24 20:56 – Updated: 2025-11-24 21:07
VLAI?
Summary
Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability.
Severity ?
7.1 (High)
CWE
- CWE-394 - Unexpected Status Code or Return Value
Assigner
References
Date Public ?
2025-11-24 20:58
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T21:06:59.280724Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T21:07:15.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD \u03bcProf",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported through AMD Bug Bounty Program"
}
],
"datePublic": "2025-11-24T20:58:29.593Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability. \u003cbr\u003e"
}
],
"value": "Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-394",
"description": "CWE-394 Unexpected Status Code or Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T20:58:56.416Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9019.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-48510",
"datePublished": "2025-11-24T20:56:39.348Z",
"dateReserved": "2025-05-22T16:34:02.896Z",
"dateUpdated": "2025-11-24T21:07:15.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-29933 (GCVE-0-2025-29933)
Vulnerability from nvd – Published: 2025-11-24 21:03 – Updated: 2025-11-24 21:17
VLAI?
Summary
Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Date Public ?
2025-11-24 21:03
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T21:17:06.181682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T21:17:12.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD \u03bcProf",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "uProf 5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported through AMD Bug Bounty Program"
}
],
"datePublic": "2025-11-24T21:03:28.434Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service\u003cbr\u003e"
}
],
"value": "Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T21:03:48.656Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9019.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-29933",
"datePublished": "2025-11-24T21:03:48.656Z",
"dateReserved": "2025-03-12T15:14:59.391Z",
"dateUpdated": "2025-11-24T21:17:12.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48502 (GCVE-0-2025-48502)
Vulnerability from nvd – Published: 2025-11-21 19:07 – Updated: 2025-11-24 21:02
VLAI?
Summary
Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service.
Severity ?
5.5 (Medium)
CWE
- CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
Assigner
References
Date Public ?
2025-11-24 21:02
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-21T19:19:08.282013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T19:19:29.196Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD \u03bcProf",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported through AMD Bug Bounty Program"
}
],
"datePublic": "2025-11-24T21:02:15.564Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service. \u003cbr\u003e"
}
],
"value": "Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1285",
"description": "CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T21:02:33.311Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9019.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-48502",
"datePublished": "2025-11-21T19:07:34.889Z",
"dateReserved": "2025-05-22T16:34:02.895Z",
"dateUpdated": "2025-11-24T21:02:33.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36340 (GCVE-0-2024-36340)
Vulnerability from nvd – Published: 2025-05-13 14:04 – Updated: 2025-05-13 16:51
VLAI?
Summary
A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure.
Severity ?
6.6 (Medium)
CWE
- CWE-1386 - - Insecure Operation on Windows Junction / Mount Point
Assigner
References
Date Public ?
2025-05-13 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36340",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T14:15:49.956427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T14:16:30.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD \u03bcProf",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "5.0"
}
]
}
],
"datePublic": "2025-05-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure."
}
],
"value": "A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1386",
"description": "CWE-1386 - Insecure Operation on Windows Junction / Mount Point",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T16:51:13.565Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9013.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2024-36340",
"datePublished": "2025-05-13T14:04:09.613Z",
"dateReserved": "2024-05-23T19:44:47.200Z",
"dateUpdated": "2025-05-13T16:51:13.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27674 (GCVE-0-2022-27674)
Vulnerability from nvd – Published: 2022-11-09 20:45 – Updated: 2025-05-01 14:11
VLAI?
Summary
Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.
Severity ?
7.5 (High)
CWE
- NA
Assigner
References
Impacted products
Date Public ?
2022-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-27674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T14:10:57.351851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T14:11:02.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AMD \u03bcProf",
"vendor": "AMD",
"versions": [
{
"lessThan": "3.6.549",
"status": "affected",
"version": "AMDuProf_FreeBSD_x64",
"versionType": "custom"
},
{
"lessThan": "3.6.839",
"status": "affected",
"version": "AMDuProf Windows",
"versionType": "custom"
},
{
"lessThan": "3.6-449",
"status": "affected",
"version": "AMDuProf Linux",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation in the IOCTL input/output buffer in AMD \u03bcProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-09T00:00:00.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
}
],
"source": {
"advisory": "AMD-SB-1046",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-27674",
"datePublished": "2022-11-09T20:45:35.675Z",
"dateReserved": "2022-03-23T00:00:00.000Z",
"dateUpdated": "2025-05-01T14:11:02.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23831 (GCVE-0-2022-23831)
Vulnerability from nvd – Published: 2022-11-09 20:45 – Updated: 2025-05-01 14:09
VLAI?
Summary
Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.
Severity ?
7.5 (High)
CWE
- NA
Assigner
References
Impacted products
Date Public ?
2022-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-23831",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T14:08:11.372942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T14:09:12.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AMD \u03bcProf",
"vendor": "AMD",
"versions": [
{
"lessThan": "3.6.549",
"status": "affected",
"version": "AMDuProf_FreeBSD_x64",
"versionType": "custom"
},
{
"lessThan": "3.6.839",
"status": "affected",
"version": "AMDuProf Windows",
"versionType": "custom"
},
{
"lessThan": "3.6-449",
"status": "affected",
"version": "AMDuProf Linux",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of the IOCTL input buffer in AMD \u03bcProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-09T00:00:00.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
}
],
"source": {
"advisory": "AMD-SB-1046",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23831",
"datePublished": "2022-11-09T20:45:40.420Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2025-05-01T14:09:12.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-29933 (GCVE-0-2025-29933)
Vulnerability from cvelistv5 – Published: 2025-11-24 21:03 – Updated: 2025-11-24 21:17
VLAI?
Summary
Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Date Public ?
2025-11-24 21:03
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T21:17:06.181682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T21:17:12.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD \u03bcProf",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "uProf 5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported through AMD Bug Bounty Program"
}
],
"datePublic": "2025-11-24T21:03:28.434Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service\u003cbr\u003e"
}
],
"value": "Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T21:03:48.656Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9019.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-29933",
"datePublished": "2025-11-24T21:03:48.656Z",
"dateReserved": "2025-03-12T15:14:59.391Z",
"dateUpdated": "2025-11-24T21:17:12.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48511 (GCVE-0-2025-48511)
Vulnerability from cvelistv5 – Published: 2025-11-24 21:00 – Updated: 2025-11-24 21:13
VLAI?
Summary
Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service.
Severity ?
5.5 (Medium)
CWE
- CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
Assigner
References
Date Public ?
2025-11-24 21:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T21:12:56.753582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T21:13:33.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD \u03bcProf",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported through AMD Bug Bounty Program"
}
],
"datePublic": "2025-11-24T21:00:11.556Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service. \u003cbr\u003e"
}
],
"value": "Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1285",
"description": "CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T21:00:32.010Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9019.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-48511",
"datePublished": "2025-11-24T21:00:32.010Z",
"dateReserved": "2025-05-22T16:34:02.896Z",
"dateUpdated": "2025-11-24T21:13:33.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48510 (GCVE-0-2025-48510)
Vulnerability from cvelistv5 – Published: 2025-11-24 20:56 – Updated: 2025-11-24 21:07
VLAI?
Summary
Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability.
Severity ?
7.1 (High)
CWE
- CWE-394 - Unexpected Status Code or Return Value
Assigner
References
Date Public ?
2025-11-24 20:58
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T21:06:59.280724Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T21:07:15.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD \u03bcProf",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported through AMD Bug Bounty Program"
}
],
"datePublic": "2025-11-24T20:58:29.593Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability. \u003cbr\u003e"
}
],
"value": "Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-394",
"description": "CWE-394 Unexpected Status Code or Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T20:58:56.416Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9019.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-48510",
"datePublished": "2025-11-24T20:56:39.348Z",
"dateReserved": "2025-05-22T16:34:02.896Z",
"dateUpdated": "2025-11-24T21:07:15.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48502 (GCVE-0-2025-48502)
Vulnerability from cvelistv5 – Published: 2025-11-21 19:07 – Updated: 2025-11-24 21:02
VLAI?
Summary
Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service.
Severity ?
5.5 (Medium)
CWE
- CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
Assigner
References
Date Public ?
2025-11-24 21:02
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-21T19:19:08.282013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T19:19:29.196Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD \u03bcProf",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported through AMD Bug Bounty Program"
}
],
"datePublic": "2025-11-24T21:02:15.564Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service. \u003cbr\u003e"
}
],
"value": "Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1285",
"description": "CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T21:02:33.311Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9019.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-48502",
"datePublished": "2025-11-21T19:07:34.889Z",
"dateReserved": "2025-05-22T16:34:02.895Z",
"dateUpdated": "2025-11-24T21:02:33.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36340 (GCVE-0-2024-36340)
Vulnerability from cvelistv5 – Published: 2025-05-13 14:04 – Updated: 2025-05-13 16:51
VLAI?
Summary
A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure.
Severity ?
6.6 (Medium)
CWE
- CWE-1386 - - Insecure Operation on Windows Junction / Mount Point
Assigner
References
Date Public ?
2025-05-13 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36340",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T14:15:49.956427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T14:16:30.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD \u03bcProf",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "5.0"
}
]
}
],
"datePublic": "2025-05-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure."
}
],
"value": "A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1386",
"description": "CWE-1386 - Insecure Operation on Windows Junction / Mount Point",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T16:51:13.565Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9013.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2024-36340",
"datePublished": "2025-05-13T14:04:09.613Z",
"dateReserved": "2024-05-23T19:44:47.200Z",
"dateUpdated": "2025-05-13T16:51:13.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23831 (GCVE-0-2022-23831)
Vulnerability from cvelistv5 – Published: 2022-11-09 20:45 – Updated: 2025-05-01 14:09
VLAI?
Summary
Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.
Severity ?
7.5 (High)
CWE
- NA
Assigner
References
Impacted products
Date Public ?
2022-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-23831",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T14:08:11.372942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T14:09:12.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AMD \u03bcProf",
"vendor": "AMD",
"versions": [
{
"lessThan": "3.6.549",
"status": "affected",
"version": "AMDuProf_FreeBSD_x64",
"versionType": "custom"
},
{
"lessThan": "3.6.839",
"status": "affected",
"version": "AMDuProf Windows",
"versionType": "custom"
},
{
"lessThan": "3.6-449",
"status": "affected",
"version": "AMDuProf Linux",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of the IOCTL input buffer in AMD \u03bcProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-09T00:00:00.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
}
],
"source": {
"advisory": "AMD-SB-1046",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23831",
"datePublished": "2022-11-09T20:45:40.420Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2025-05-01T14:09:12.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27674 (GCVE-0-2022-27674)
Vulnerability from cvelistv5 – Published: 2022-11-09 20:45 – Updated: 2025-05-01 14:11
VLAI?
Summary
Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.
Severity ?
7.5 (High)
CWE
- NA
Assigner
References
Impacted products
Date Public ?
2022-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-27674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T14:10:57.351851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T14:11:02.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AMD \u03bcProf",
"vendor": "AMD",
"versions": [
{
"lessThan": "3.6.549",
"status": "affected",
"version": "AMDuProf_FreeBSD_x64",
"versionType": "custom"
},
{
"lessThan": "3.6.839",
"status": "affected",
"version": "AMDuProf Windows",
"versionType": "custom"
},
{
"lessThan": "3.6-449",
"status": "affected",
"version": "AMDuProf Linux",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation in the IOCTL input/output buffer in AMD \u03bcProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-09T00:00:00.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
}
],
"source": {
"advisory": "AMD-SB-1046",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-27674",
"datePublished": "2022-11-09T20:45:35.675Z",
"dateReserved": "2022-03-23T00:00:00.000Z",
"dateUpdated": "2025-05-01T14:11:02.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}