CVE-2024-36340

MEDIUM EPSS 3.4%

Published May 13, 20251y ago · Modified Jun 17, 20261w ago

6.6 CVSS 3.1

Medium

Published May 13, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure.

CVSS Details

Base Score

6.6

Exploitability

1.3

Impact

5.2

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction Required

Scope Unchanged

Confidentiality High

Integrity High

Availability None

Threat Intelligence

EPSS Exploit Probability

3.4% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 1

CWE-1386

Affected Products 3

Vendor	Product	Version	Range
amd	uprof	*	<5.0.1174
amd	uprof	*	<5.0.1223
amd	uprof	*	<5.0.1479

References 1

amd.com https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9013.html

MitigationPatchVendor Advisory

Remediation

amd.com https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9013.html

MitigationPatchVendor Advisory