Filtered by vendor Amd
Subscribe
Total
232 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20596 | 1 Amd | 128 Ryzen 3 5125c, Ryzen 3 5125c Firmware, Ryzen 3 5300g and 125 more | 2024-02-05 | N/A | 9.8 CRITICAL |
| Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution. | |||||
| CVE-2021-46758 | 1 Amd | 122 Ryzen 3 4300u, Ryzen 3 4300u Firmware, Ryzen 3 5125c and 119 more | 2024-02-05 | N/A | 6.1 MEDIUM |
| Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity. | |||||
| CVE-2023-4969 | 3 Amd, Imaginationtech, Khronos | 261 Athlon 3000g, Athlon 3000g Firmware, Instinct Mi100 and 258 more | 2024-02-05 | N/A | 6.5 MEDIUM |
| A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures. | |||||
| CVE-2023-20568 | 2 Amd, Intel | 123 Radeon Pro Vega 56, Radeon Pro Vega 56 Firmware, Radeon Pro Vega 64 and 120 more | 2024-02-05 | N/A | 6.7 MEDIUM |
| Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution. | |||||
| CVE-2023-20519 | 1 Amd | 4 Genoapi, Genoapi Firmware, Milanpi and 1 more | 2024-02-05 | N/A | 3.3 LOW |
| A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. | |||||
| CVE-2023-20592 | 1 Amd | 138 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 135 more | 2024-02-05 | N/A | 6.5 MEDIUM |
| Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity. | |||||
| CVE-2023-20583 | 1 Amd | 1 * | 2024-02-05 | N/A | 4.7 MEDIUM |
| A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information. | |||||
| CVE-2023-20555 | 1 Amd | 238 Athlon 3015ce, Athlon 3015ce Firmware, Athlon 3015e and 235 more | 2024-02-05 | N/A | 7.8 HIGH |
| Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. | |||||
| CVE-2023-20589 | 1 Amd | 244 4700s, 4700s Firmware, Athlon Gold 3150c and 241 more | 2024-02-05 | N/A | 6.8 MEDIUM |
| An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. | |||||
| CVE-2023-20561 | 3 Amd, Linux, Microsoft | 3 Amd Uprof, Linux Kernel, Windows | 2024-02-05 | N/A | 5.5 MEDIUM |
| Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD ?Prof may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service. | |||||
| CVE-2023-20586 | 1 Amd | 1 Radeon Software | 2024-02-05 | N/A | 9.8 CRITICAL |
| A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations | |||||
| CVE-2023-20562 | 3 Amd, Linux, Microsoft | 3 Amd Uprof, Linux Kernel, Windows | 2024-02-05 | N/A | 7.8 HIGH |
| Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. | |||||
| CVE-2023-20556 | 3 Amd, Linux, Microsoft | 3 Amd Uprof, Linux Kernel, Windows | 2024-02-05 | N/A | 5.5 MEDIUM |
| Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD ?Prof may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service. | |||||
| CVE-2021-46792 | 1 Amd | 110 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 107 more | 2024-02-04 | N/A | 5.9 MEDIUM |
| Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service. | |||||
| CVE-2021-26379 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2024-02-04 | N/A | 9.8 CRITICAL |
| Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation. | |||||
| CVE-2023-20575 | 1 Amd | 176 Epyc 5552, Epyc 5552 Firmware, Epyc 7232p and 173 more | 2024-02-04 | N/A | 6.5 MEDIUM |
| A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information. | |||||
| CVE-2023-20520 | 1 Amd | 126 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 123 more | 2024-02-04 | N/A | 9.8 CRITICAL |
| Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. | |||||
| CVE-2023-20524 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2024-02-04 | N/A | 7.5 HIGH |
| An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss a loss of integrity. | |||||
| CVE-2021-26371 | 1 Amd | 256 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 253 more | 2024-02-04 | N/A | 5.5 MEDIUM |
| A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. | |||||
| CVE-2021-46759 | 1 Amd | 112 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 109 more | 2024-02-04 | N/A | 6.1 MEDIUM |
| Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a potential loss of integrity. | |||||