AMD uProf has a flaw in how it validates commands sent to it by programs, allowing an authenticated user to load a driver without proper verification. This could let someone run malicious code with the highest level of system access.

The vulnerability exists in IOCTL input buffer validation within AMD uProf, where insufficient sanitization of user-supplied data allows an authenticated attacker to load unsigned kernel drivers. This bypasses driver signature verification mechanisms, potentially enabling arbitrary kernel-mode code execution with system privileges.