Filtered by vendor Amd
Subscriptions
Total
263 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-26352 | 1 Amd | 60 Ryzen 3 5300g, Ryzen 3 5300g Firmware, Ryzen 3 5300ge and 57 more | 2024-09-16 | 5.5 Medium |
Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service. | ||||
CVE-2020-12986 | 2 Amd, Microsoft | 3 Radeon Pro Software, Radeon Software, Windows 10 | 2024-09-16 | 7.8 High |
An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may cause arbitrary code execution in the kernel, leading to escalation of privilege or denial of service. | ||||
CVE-2021-26318 | 1 Amd | 10 Athlon, Athlon Firmware, Athlon Pro and 7 more | 2024-09-16 | 4.7 Medium |
A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information. | ||||
CVE-2020-12904 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-09-16 | 5.5 Medium |
Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure. | ||||
CVE-2020-12988 | 1 Amd | 122 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 119 more | 2024-09-16 | 7.5 High |
A potential denial of service (DoS) vulnerability exists in the integrated chipset that may allow a malicious attacker to hang the system when it is rebooted. | ||||
CVE-2021-26342 | 1 Amd | 76 Epyc 7001, Epyc 7001 Firmware, Epyc 7251 and 73 more | 2024-09-16 | 3.3 Low |
In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability. | ||||
CVE-2021-26373 | 1 Amd | 175 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 172 more | 2024-09-16 | 5.5 Medium |
Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service. | ||||
CVE-2021-26340 | 1 Amd | 210 Epyc 7001, Epyc 7001 Firmware, Epyc 7232p and 207 more | 2024-09-16 | 8.4 High |
A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior inside the virtual machine (VM). | ||||
CVE-2021-26325 | 1 Amd | 40 Epyc 7232p, Epyc 7232p Firmware, Epyc 72f3 and 37 more | 2024-09-16 | 5.5 Medium |
Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service. | ||||
CVE-2021-26348 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2024-09-16 | 5.5 Medium |
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity. | ||||
CVE-2023-39281 | 3 Amd, Insyde, Intel | 279 Athlon Gold 7220u, Athlon Silver 7120u, Ryzen3 5300u and 276 more | 2024-09-06 | 9.8 Critical |
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase. | ||||
CVE-2023-20519 | 1 Amd | 4 Genoapi, Genoapi Firmware, Milanpi and 1 more | 2024-08-30 | 3.3 Low |
A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. | ||||
CVE-2022-23815 | 1 Amd | 4 Athlon 3000g, Ryzen Embedded R1000, Ryzen Embedded R2000 and 1 more | 2024-08-19 | 7.5 High |
Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution. | ||||
CVE-2022-23817 | 1 Amd | 128 Athlon 3000g Firmware, Athlon Gold 3150ge Firmware, Athlon Gold Pro 3150g Firmware and 125 more | 2024-08-16 | 7 High |
Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation. | ||||
CVE-2024-21981 | 1 Amd | 3 Athlon, Epyc, Ryzen | 2024-08-15 | 5.7 Medium |
Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity. | ||||
CVE-2023-20578 | 1 Amd | 9 Epyc 7001, Epyc 7002, Epyc 9004 and 6 more | 2024-08-15 | 7.5 High |
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution. | ||||
CVE-2023-31348 | 1 Amd | 1 Uprof Tool | 2024-08-14 | 7.3 High |
A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
CVE-2023-20591 | 1 Amd | 64 Epyc 7003 Firmware, Epyc 7203 Firmware, Epyc 7203p Firmware and 61 more | 2024-08-14 | 6.5 Medium |
Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability. | ||||
CVE-2023-31341 | 1 Amd | 1 Amd Uprof | 2024-08-14 | 7.3 High |
Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service. | ||||
CVE-2023-31349 | 1 Amd | 1 Amd Uprof | 2024-08-14 | 7.3 High |
Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. |