Filtered by vendor Amd
Subscriptions
Total
263 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-8935 | 1 Amd | 4 Ryzen, Ryzen Firmware, Ryzen Pro and 1 more | 2024-08-05 | N/A |
| The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW. | ||||
| CVE-2019-9836 | 2 Amd, Opensuse | 16 Epyc 7251, Epyc 7261, Epyc 7281 and 13 more | 2024-08-04 | 5.3 Medium |
| Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation. | ||||
| CVE-2019-7247 | 1 Amd | 1 Overdrive | 2024-08-04 | 9.8 Critical |
| An issue was discovered in AODDriver2.sys in AMD OverDrive. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x81112ee0 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | ||||
| CVE-2019-7246 | 1 Amd | 1 Atillk64 | 2024-08-04 | 6.7 Medium |
| An issue was discovered in atillk64.sys in AMD ATI Diagnostics Hardware Abstraction Sys/Overclocking Utility 5.11.9.0. The vulnerable driver exposes a wrmsr instruction and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | ||||
| CVE-2019-5146 | 2 Amd, Vmware | 2 Atidxx64, Workstation | 2024-08-04 | 8.6 High |
| An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | ||||
| CVE-2019-5183 | 2 Amd, Vmware | 2 Atidxx64, Workstation | 2024-08-04 | 9.0 Critical |
| An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | ||||
| CVE-2019-5147 | 2 Amd, Vmware | 2 Atidxx64, Workstation | 2024-08-04 | 8.6 High |
| An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | ||||
| CVE-2019-5124 | 2 Amd, Vmware | 2 Atidxx64, Workstation | 2024-08-04 | 8.6 High |
| An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | ||||
| CVE-2019-5049 | 1 Amd | 6 Radeon 550, Radeon 550 Firmware, Radeon Rx 550 and 3 more | 2024-08-04 | 10.0 Critical |
| An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | ||||
| CVE-2019-5098 | 3 Amd, Microsoft, Vmware | 6 Radeon 550, Radeon 550 Firmware, Radeon Rx 550 and 3 more | 2024-08-04 | 8.6 High |
| An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | ||||
| CVE-2020-12926 | 1 Amd | 1 Trusted Platform Modules Reference | 2024-08-04 | 6.4 Medium |
| The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device. | ||||
| CVE-2020-12933 | 1 Amd | 1 Atikmdag.sys | 2024-08-04 | 5.5 Medium |
| A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account. | ||||
| CVE-2020-12928 | 1 Amd | 1 Ryzen Master | 2024-08-04 | 7.8 High |
| A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system. | ||||
| CVE-2020-12912 | 1 Amd | 1 Energy Driver For Linux | 2024-08-04 | 5.5 Medium |
| A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access. | ||||
| CVE-2020-12927 | 1 Amd | 1 Vbios Flash Tool Software Development Kit | 2024-08-04 | 7.8 High |
| A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system. | ||||
| CVE-2020-12911 | 1 Amd | 1 Atikmdag.sys | 2024-08-04 | 5.5 Medium |
| A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from a non-privileged account. | ||||
| CVE-2020-12138 | 1 Amd | 1 Atillk64 | 2024-08-04 | 8.8 High |
| AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages. | ||||
| CVE-2020-8950 | 2 Amd, Microsoft | 2 User Experience Program, Windows | 2024-08-04 | 7.8 High |
| The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then creating a symbolic link in %PROGRAMDATA%\AMD\PPC\temp that points to an arbitrary folder with an arbitrary file name. | ||||
| CVE-2020-6100 | 1 Amd | 1 Radeon Directx 11 Driver Atidxx64.dll | 2024-08-04 | 9.9 Critical |
| An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. A specially crafted pixel shader can cause memory corruption vulnerability. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability potentially could be triggered from guest machines running virtualization environments (ie. VMware, qemu, VirtualBox etc.) in order to perform guest-to-host escape - as it was demonstrated before (TALOS-2018-0533, TALOS-2018-0568, etc.). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). This vulnerability was triggered from HYPER-V guest using RemoteFX feature leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). | ||||
| CVE-2020-6103 | 1 Amd | 1 Radeon Directx 11 Driver Atidxx64.dll | 2024-08-04 | 9.9 Critical |
| An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). | ||||