CVE-2021-26334
AMD Chipset Driver Information Disclosure Vulnerability
In short
A flaw in AMD's performance profiling driver allows low-privilege users to access sensitive hardware registers, potentially allowing them to run code with the highest system permissions.
Technical detail
The AMDPowerProfiler.sys driver fails to enforce proper privilege checks when accessing Model-Specific Registers (MSRs) in kernel mode, allowing unprivileged local users to read/write kernel-level hardware state. This CWE-284 authorization bypass enables privilege escalation and ring-0 code execution on affected systems running AMD μProf.
Summary generated and translated by AI from the official description.
The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user.
Affected products
AMD · μProf ToolWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →