CVE-2025-48510

High CVSS: 7.1

Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability.

Vendor

Product

CWE

Yayın Tarihi

2025-11-24 21:16:03

Güncelleme

2025-11-26 18:47:42

Source Identifier

psirt@amd.com

KEV Date Added

CWE-394 Uprof HIGH Amd 2025

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9019.html

High

CVE-2023-20548

A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt…

High

CVE-2023-31324

A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify…

Medium

CVE-2025-48511

Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potenti…

Medium

CVE-2025-29933

Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a…

Medium

CVE-2025-48502

Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting…

High

CVE-2023-31359

Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, pote…