Skip to main content
CVE Vulnerability Database

CVE-2026-0466: AMD uProf DoS Vulnerability

CVE-2026-0466 is a denial of service flaw in AMD uProf caused by improper access control. Local attackers can exploit this to crash systems. This article covers the technical details, affected versions, and mitigation.

Published:

CVE-2026-0466 Overview

CVE-2026-0466 is an improper access control vulnerability in AMD uProf, a performance and power profiling tool used by developers to analyze applications running on AMD processors. The flaw allows a local attacker with standard user privileges to write to a kernel-shared memory section. Successful exploitation can crash the system or cause a denial of service condition on the affected host.

The weakness is classified under [CWE-497]: Exposure of Sensitive System Information to an Unauthorized Control Sphere. AMD published advisory AMD-SB-9025 documenting the issue.

Critical Impact

A local user without administrative rights can corrupt kernel-shared memory used by AMD uProf, leading to system instability or denial of service on workstations and servers running the profiling tool.

Affected Products

  • AMD uProf (refer to AMD-SB-9025 for affected versions)
  • Systems with the AMD uProf driver installed for profiling AMD processors
  • Both Windows and Linux distributions of AMD uProf as documented in the vendor advisory

Discovery Timeline

  • 2026-06-09 - CVE-2026-0466 published to NVD
  • 2026-06-09 - Last updated in NVD database

Technical Details for CVE-2026-0466

Vulnerability Analysis

AMD uProf installs a kernel-mode driver to collect low-level performance counter data from AMD processors. The driver exposes a shared memory region used for communication between user-mode profiling agents and the kernel component. CVE-2026-0466 stems from missing or insufficient access control checks on this shared memory section.

A local attacker with standard user privileges can open a handle to the kernel-shared memory section and issue write operations against it. Because the kernel consumes data from this region during profiling, malformed or attacker-controlled writes can corrupt kernel state. The result is a system crash or a denial of service against the host.

The vulnerability does not lead to information disclosure or integrity loss of user data according to AMD's bulletin. Impact is limited to availability of the affected machine.

Root Cause

The root cause is improper access control on a kernel-shared memory object created by the AMD uProf driver. The security descriptor or permission model applied to the shared section grants write access to non-privileged users. Profiling drivers commonly relax permissions to allow user-mode telemetry collection, but the protection scope here permits unauthorized modification of kernel-consumed data.

Attack Vector

Exploitation requires local access and authenticated user privileges. The attack vector is local with low attack complexity and no user interaction. An attacker running unprivileged code on the target system locates the AMD uProf shared section, opens it with write permissions, and writes data that triggers a kernel fault when consumed. No network access or social engineering is needed.

No public proof-of-concept code is currently available for CVE-2026-0466. Readers should consult the AMD Security Bulletin AMD-SB-9025 for technical specifics released by the vendor.

Detection Methods for CVE-2026-0466

Indicators of Compromise

  • Unexpected system crashes, bug checks, or kernel panics on hosts with AMD uProf installed
  • Non-administrative processes opening handles to AMD uProf shared memory sections or driver device objects
  • Crash dumps referencing the AMD uProf driver in the faulting module list

Detection Strategies

  • Inventory endpoints and workstations for the AMD uProf driver and associated user-mode binaries to identify exposure
  • Monitor process telemetry for non-developer accounts interacting with AMD uProf device objects or named shared sections
  • Correlate kernel crash events with prior process activity touching the uProf driver to identify potential exploitation attempts

Monitoring Recommendations

  • Collect and review Windows bug check codes and Linux kernel oops messages from systems running AMD uProf
  • Enable EDR telemetry on driver load events and handle openings to kernel objects exposed by the uProf driver
  • Track installation and version of AMD uProf across the fleet to ensure patched releases are deployed

How to Mitigate CVE-2026-0466

Immediate Actions Required

  • Apply the fixed AMD uProf release referenced in AMD-SB-9025 on all systems where the tool is installed
  • Remove AMD uProf from production servers and user workstations where active profiling is not required
  • Restrict local logon and code execution rights on systems that must retain the profiling tool

Patch Information

AMD has published security bulletin AMD-SB-9025 describing the issue and the corresponding fixed versions of AMD uProf. Administrators should download the latest release from AMD and replace any vulnerable installation. Reboot the system after upgrading to ensure the updated driver is loaded.

Workarounds

  • Uninstall AMD uProf entirely from systems that do not need active CPU profiling
  • Stop and disable the AMD uProf driver service when profiling sessions are not in progress
  • Limit interactive and remote desktop access to developer hosts running AMD uProf to trusted users only
bash
# Example: check for AMD uProf driver presence on Linux
lsmod | grep -i amdpwrprof
lsmod | grep -i amduprof

# Example: stop and disable the AMD uProf driver service on Windows
sc.exe stop AMDPowerProfiler
sc.exe config AMDPowerProfiler start= disabled

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.