Uprof
CVE-2024-36340
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Lifecycle Timeline
3DescriptionCVE.org
A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure.
AnalysisAI
A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-1386. A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure. Affected products include: Amd Uprof.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confi
Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potenti
Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a
Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today