Potential Risk of CVE

CVE-2025-61969 Prequel: AMD uProf allow arbitrary file read/write operations (16 Feb 2026)

Leave a comment

Preface: In short, the ioctl concept exists in both, but the implementation is different.

While Linux uses a standard ioctl system call, Windows provides a similar interface through its own set of functions. They are not directly compatible. 

  • Linux (ioctl): A universal Unix-like system call used to perform hardware-specific operations that fall outside standard read/write.
  • Windows (DeviceIoControl): Part of the Win32 API, this function sends control codes directly to a device driver. It is the architectural equivalent of ioctl on Windows.

Background: AMD uProf (AMD MICRO-prof) is a software profiling analysis tool for x86 applications running on Windows, Linux® and FreeBSD operating systems and provides event information unique to the AMD “Zen”-based processors and AMD Instinct™ MI Series accelerators. AMD uProf enables the developer to better understand the limiters of application performance and evaluate improvements.

According to the latest AMD uProf official documentation, supported versions include:

Windows 10 (up to 22H2), Windows 11 (up to 25H2) and Windows Server 2019, 2022, and 2025

Key Components on Windows

After installation on Windows, you can use the following tools:

  • AMDuProf (GUI): A visual interface for performing CPU and power consumption analysis.
  • AMDuProfCLI: A command-line tool for automating instruction code or remote analysis.
  • AMDuProfPcm: A tool specifically designed for system-level analysis (such as IPC and memory bandwidth).
  • System Analysis: Monitors system-level performance metrics such as IPC (Instructions Per Clock), memory bandwidth, and cache usage.
  • Power Profiling: Tracks system thermal and power consumption characteristics in real time, displaying the frequency, temperature, and energy consumption of each component.
  • Microarchitecture Analysis: Detects microarchitectural issues in the source code and provides specific hardware event information for AMD “Zen” series processors.
  • GPU and Heterogeneous Analysis: Supports analysis of GPU activity, kernels, and scheduling for AMD Instinct MI series accelerators.

Vulnerability details: CVE-2025-61969 Incorrect permission assignment in AMD µProf performance analysis tool-suite may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

An external researcher reported a vulnerability in the AMD uProf performance analysis tool-suite, specifically within the AMDPowerProfiler.sys driver, that could allow arbitrary file read/write operations due to insufficient access control checks.

AMD determined that this issue occurs because the driver fails to properly validate user access when handling IOCTL requests, potentially allowing unprivileged users to escalate privileges and resulting in arbitrary code execution.

Official announcement: Please refer to the link for details –

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9022.html

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.