CVE-2024-36340
CVE-2024-36340
In short
AMD uProf has a flaw that allows a low-privileged local user to create junction points (special file system links), which could lead to unintended deletion or exposure of files they shouldn't access.
Technical detail
A junction point vulnerability in AMD uProf enables local low-privileged attackers to create NTFS junction points via improper file system path handling, potentially achieving arbitrary file deletion or information disclosure through directory traversal. Exploitation requires local system access and the ability to interact with the vulnerable application's file operations.
Summary generated and translated by AI from the official description.
A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Affected products
AMD · AMD μProfWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →