Vulnerabilities > CVE-2021-26334 - Unspecified vulnerability in AMD Uprof 3.4.494

CVSS 9.9 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

amd

critical

NVD

Published: 2021-12-01

Updated: 2023-11-07

Summary

The AMDPowerProfiler.sys driver of AMD µProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user.

Vulnerable Configurations

Part	Description	Count
Application	Amd AMD AMD Uprof * AMD AMD Uprof 3.4.494	2
OS	Microsoft Microsoft Windows -	1
OS	Linux Linux Linux Kernel -	1

References

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1016