Vulnerabilities (CVE)

Filtered by vendor Amd Subscribe
Total 252 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-20598 1 Amd 107 Radeon Pro W5500, Radeon Pro W5700, Radeon Pro W6300 and 104 more 2023-12-10 N/A 7.8 HIGH
An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.
CVE-2023-20569 3 Amd, Debian, Fedoraproject 284 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 281 more 2023-12-10 N/A 4.7 MEDIUM
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure.
CVE-2023-44216 7 Amd, Apple, Canonical and 4 more 16 Ryzen 5 7600x, Ryzen 7 4800u, M1 Mac Mini and 13 more 2023-12-10 N/A 5.3 MEDIUM
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.
CVE-2023-39281 3 Amd, Insyde, Intel 279 Athlon Gold 7220u, Athlon Silver 7120u, Ryzen3 5300u and 276 more 2023-12-10 N/A 9.8 CRITICAL
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase.
CVE-2023-20597 1 Amd 202 Ryzen 3100, Ryzen 3100 Firmware, Ryzen 3300x and 199 more 2023-12-10 N/A 5.5 MEDIUM
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
CVE-2023-20556 3 Amd, Linux, Microsoft 3 Amd Uprof, Linux Kernel, Windows 2023-12-10 N/A 5.5 MEDIUM
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD µProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.
CVE-2023-20589 1 Amd 244 4700s, 4700s Firmware, Athlon Gold 3150c and 241 more 2023-12-10 N/A 6.8 MEDIUM
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. 
CVE-2023-20594 1 Amd 250 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 247 more 2023-12-10 N/A 4.4 MEDIUM
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
CVE-2023-20586 1 Amd 1 Radeon Software 2023-12-10 N/A 9.8 CRITICAL
A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations
CVE-2023-20593 3 Amd, Debian, Xen 140 Athlon Gold 7220u, Athlon Gold 7220u Firmware, Epyc 7232p and 137 more 2023-12-10 N/A 5.5 MEDIUM
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
CVE-2023-20555 1 Amd 238 Athlon 3015ce, Athlon 3015ce Firmware, Athlon 3015e and 235 more 2023-12-10 N/A 7.8 HIGH
Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.
CVE-2021-46794 1 Amd 112 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 109 more 2023-12-10 N/A 7.5 HIGH
Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.
CVE-2023-20524 1 Amd 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more 2023-12-10 N/A 7.5 HIGH
An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss a loss of integrity.
CVE-2021-26356 1 Amd 196 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 193 more 2023-12-10 N/A 7.4 HIGH
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.
CVE-2021-46756 1 Amd 126 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 123 more 2023-12-10 N/A 9.1 CRITICAL
Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity.
CVE-2022-23818 1 Amd 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more 2023-12-10 N/A 7.5 HIGH
Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory integrity.
CVE-2023-20558 1 Amd 178 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 175 more 2023-12-10 N/A 8.8 HIGH
Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.
CVE-2021-46760 1 Amd 14 Ryzen 3945wx, Ryzen 3945wx Firmware, Ryzen 3955wx and 11 more 2023-12-10 N/A 9.8 CRITICAL
A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution.
CVE-2021-26406 1 Amd 80 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 77 more 2023-12-10 N/A 7.5 HIGH
Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service.
CVE-2021-46759 1 Amd 112 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 109 more 2023-12-10 N/A 6.1 MEDIUM
Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a potential loss of integrity.