Filtered by vendor Amd Subscriptions
Total 287 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-26354 1 Amd 304 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 301 more 2025-01-28 5.5 Medium
Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.
CVE-2021-46762 1 Amd 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more 2025-01-28 3.9 Low
Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service.
CVE-2021-46765 1 Amd 88 Ryzen 3100, Ryzen 3100 Firmware, Ryzen 3300x and 85 more 2025-01-27 7.5 High
Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service.
CVE-2021-46760 1 Amd 14 Ryzen 3945wx, Ryzen 3945wx Firmware, Ryzen 3955wx and 11 more 2025-01-27 9.8 Critical
A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution.
CVE-2021-46759 1 Amd 112 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 109 more 2025-01-27 6.1 Medium
Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a potential loss of integrity.
CVE-2022-23815 1 Amd 36 Athlon 3000g, Athlon Gold 3150g, Athlon Gold 3150g Firmware and 33 more 2025-01-03 7.5 High
Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution.
CVE-2024-21946 1 Amd 2 Ryzen Master, Ryzen Master Utility For Overclocking Control 2024-12-18 7.3 High
Incorrect default permissions in the AMD RyzenTM Master Utility installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2024-21938 1 Amd 1 Management Plugin For Sccm 2024-12-18 7.3 High
Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2024-21939 1 Amd 2 Cloud Manageability Service, Cloud Manageability Service Acms Software 2024-12-18 7.3 High
Incorrect default permissions in the AMD Cloud Manageability Service (ACMS) Software installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2024-21945 1 Amd 2 Ryzen Master, Ryzen Master Monitoring Software Development Kit 2024-12-18 7.3 High
Incorrect default permissions in the AMD RyzenTM Master monitoring SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2024-21957 1 Amd 1 Management Console 2024-12-18 7.3 High
Incorrect default permissions in the AMD Management Console installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2024-21958 1 Amd 2 Provisioning Console, Provisioning Console Apc Software 2024-12-18 7.3 High
Incorrect default permissions in the AMD Provisioning Console installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2023-31307 1 Amd 32 Radeon Pro W6300, Radeon Pro W6400, Radeon Pro W6600 and 29 more 2024-12-13 2.3 Low
Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service.
CVE-2023-31341 1 Amd 2 Amd Uprof, Uprof 2024-12-13 7.3 High
Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.
CVE-2021-26367 1 Amd 102 Athlon Gold 3150c, Athlon Gold 3150c Firmware, Athlon Gold 3150g and 99 more 2024-12-12 5.7 Medium
A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.
CVE-2021-26344 1 Amd 141 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 138 more 2024-12-12 7.2 High
An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution.
CVE-2023-20591 1 Amd 132 Epyc 7003 Firmware, Epyc 7203, Epyc 7203 Firmware and 129 more 2024-12-12 6.5 Medium
Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability.
CVE-2023-20584 2 Amd, Redhat 135 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 132 more 2024-12-12 5.3 Medium
IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.
CVE-2023-20510 1 Amd 32 Radeon Pro W6300, Radeon Pro W6400, Radeon Pro W6600 and 29 more 2024-12-12 4.7 Medium
An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service.
CVE-2023-31366 1 Amd 1 Uprof 2024-12-12 3.3 Low
Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service.