CVE-2026-0466: AMD uProf Local Privilege Escalation and Denial of Service
AMD uProf, a performance profiling tool, contains an access control vulnerability that allows a user with local system access to write data into memory regions normally reserved for the kernel. This weakness could crash the system or render it temporarily unavailable. The vulnerability requires an attacker to already have an account on the target system—it cannot be exploited remotely.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 5.5 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Weaknesses (CWE)
- CWE-497
- Affected products
- 3 configuration(s)
- Published / Modified
- 2026-06-09 / 2026-06-17
NVD description (verbatim)
Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service.
1 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-0466 is a local privilege escalation vector rooted in improper access control (CWE-497) within AMD uProf's memory management. A locally authenticated user can bypass restrictions designed to protect kernel-shared memory, write arbitrary data to that region, and trigger a denial-of-service condition. The CVSS 3.1 score of 5.5 (MEDIUM) reflects the requirement for local access and user-level privileges, combined with high availability impact but no confidentiality or integrity compromise of protected data.
Business impact
Availability disruptions are the primary concern. An attacker with local access could repeatedly crash systems running uProf, forcing restarts and service downtime. In environments where uProf is widely deployed for performance analysis—such as HPC clusters or development labs—coordinated exploitation could affect multiple machines simultaneously. Systems depend on continuous operation; even brief unavailability can disrupt workflows, delay analysis, and degrade user productivity.
Affected systems
All versions of AMD uProf are potentially affected by this vulnerability. Organizations should verify their deployed uProf versions against AMD's advisory and patch guidance. Systems running uProf in multi-user environments or where uProf processes are exposed to untrusted local users face elevated risk.
Exploitability
The vulnerability is straightforward to exploit by any user with local shell access, requiring no special tools or complex techniques. However, the requirement for local privileges and interactive access to the system keeps this from being a critical remote threat. The absence of the vulnerability from CISA's Known Exploited Vulnerabilities (KEV) catalog as of the current record suggests active exploitation has not been widely reported, though this should not be interpreted as a sign of low risk in high-value targets.
Remediation
Contact AMD for the patched version of uProf applicable to your deployment. Apply patches to all systems running uProf—prioritizing production environments and systems shared among multiple users. Where immediate patching is not feasible, restrict local access to uProf to trusted users only, use OS-level access controls to limit who can run uProf processes, and monitor system logs for unexpected crashes or denial-of-service patterns.
Patch guidance
AMD will release updates to address this access control flaw. Check AMD's official uProf download page and security advisories for the corrected version number. Apply patches in a staged manner: first to development and testing environments to validate compatibility, then to production systems. Coordinate patching with scheduled maintenance windows to minimize disruption. Verify successful remediation by confirming the patched uProf version is in use and retesting access controls.
Detection guidance
Monitor for repeated system crashes or kernel panic events coinciding with uProf process activity, particularly when triggered by non-administrative users. Audit local user accounts with access to uProf and review privilege escalation attempts in system logs. Endpoint Detection and Response (EDR) tools should flag suspicious write operations to kernel memory regions originating from user-space processes. Log all uProf process launches and correlate with system availability events.
Why prioritize this
Although assigned a MEDIUM CVSS score, this vulnerability warrants prompt but not emergency response. Prioritize patching systems where (1) uProf is deployed in multi-user environments, (2) local security boundaries are weak or not consistently enforced, or (3) the system's role makes even brief downtime costly. Organizations with single-user workstations running uProf can defer patching slightly but should not skip it.
Risk score, explained
The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H assigns a score of 5.5. Local attack vector (AV:L) and low attack complexity (AC:L) reflect the straightforward nature of exploitation. Low privileges (PR:L) accurately capture the requirement for a local user account. No impact on confidentiality or integrity (C:N/I:N) reflects that this is a denial-of-service channel, not a data theft or system takeover vector. High availability impact (A:H) reflects the severity of potential service disruption.
Frequently asked questions
Can this vulnerability be exploited without local system access?
No. CVE-2026-0466 requires an attacker to already possess a user account and shell access on the target system. It cannot be exploited remotely over a network.
Will patching uProf resolve the kernel memory access issue?
Yes. AMD's patched version will restore proper access controls that prevent unauthorized writes to kernel-shared memory. Verify the patch version against AMD's official advisory before and after deployment.
Are all uProf deployments equally at risk?
Single-user systems face lower practical risk because the attacker must first compromise or be granted legitimate local access. Multi-user systems, developer workstations, and shared lab environments face higher risk due to the larger pool of potential local attackers.
Should we uninstall uProf until a patch is available?
If uProf is not critical to your workflow, temporary uninstallation is a valid mitigation. If it is required, restrict its use to trusted administrators and monitor for suspicious activity until a patch is deployed and verified.
This analysis is provided for informational purposes to help security teams understand and remediate CVE-2026-0466. No guarantee is made regarding the completeness or accuracy of future threat intelligence. Patch versions, release dates, and vendor advisories are subject to change; always consult AMD's official security bulletins before deploying fixes. This vulnerability is not currently listed in CISA's KEV catalog, but organizations should not rely solely on KEV status to inform their patch prioritization. Conduct your own risk assessment based on your specific environment, uProf usage patterns, and local security posture. SEC.co assumes no liability for third-party actions or unforeseen outcomes resulting from recommendations herein. Source: NVD (public-domain), retrieved 2026-07-18. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-49077MEDIUMWP eMember Information Disclosure Vulnerability
- CVE-2026-44743LOWSAP Business Objects Information Disclosure Vulnerability
- CVE-2026-28237MEDIUMAMD uProf Resource Exhaustion Vulnerability – Patch Guidance
- CVE-2026-49121HIGHAITER Unauthenticated Remote Code Execution in ROCm Inference
- CVE-2016-20064MEDIUMWP Vault 0.8.6.6 Arbitrary File Read via Directory Traversal
- CVE-2018-25384MEDIUMStored XSS in Wikidforum 2.20 Allows Authenticated Attackers to Inject Malicious Scripts
- CVE-2018-25387MEDIUMHaPe PKH 1.1 Cross-Site Request Forgery (CSRF) Admin Password Reset
- CVE-2018-25393MEDIUMNavigate CMS 2.8.5 Path Traversal Vulnerability (CVSS 6.5)