| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations. |
| Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service. |
| Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution. |
| A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account. |
| Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. |
| Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. |
| Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution . |
| A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system. |
| A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system. |
| The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device. |
| A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck. |
| A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access. |
| A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from a non-privileged account. |
| Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure. |
| Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure. |
| Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service. |
| Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. |
| Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or information disclosure. |
| An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service. |
| Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service. |
