Filtered by vendor Amd
Subscribe
Total
286 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20559 | 1 Amd | 178 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 175 more | 2025-02-25 | N/A | 8.8 HIGH |
| Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. | |||||
| CVE-2023-20558 | 1 Amd | 178 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 175 more | 2025-02-20 | N/A | 8.8 HIGH |
| Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges. | |||||
| CVE-2023-20593 | 3 Amd, Debian, Xen | 140 Athlon Gold 7220u, Athlon Gold 7220u Firmware, Epyc 7232p and 137 more | 2025-02-13 | N/A | 5.5 MEDIUM |
| An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. | |||||
| CVE-2023-20568 | 2 Amd, Intel | 123 Radeon Pro Vega 56, Radeon Pro Vega 56 Firmware, Radeon Pro Vega 64 and 120 more | 2025-02-13 | N/A | 6.7 MEDIUM |
| Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution. | |||||
| CVE-2023-20567 | 2 Amd, Intel | 123 Radeon Pro Vega 56, Radeon Pro Vega 56 Firmware, Radeon Pro Vega 64 and 120 more | 2025-02-13 | N/A | 6.7 MEDIUM |
| Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution. | |||||
| CVE-2021-46748 | 2 Amd, Intel | 123 Radeon Pro Vega 56, Radeon Pro Vega 56 Firmware, Radeon Pro Vega 64 and 120 more | 2025-02-13 | N/A | 5.5 MEDIUM |
| Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service. | |||||
| CVE-2023-20524 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2025-01-28 | N/A | 7.5 HIGH |
| An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss a loss of integrity. | |||||
| CVE-2023-20520 | 1 Amd | 126 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 123 more | 2025-01-28 | N/A | 9.8 CRITICAL |
| Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. | |||||
| CVE-2022-23818 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2025-01-28 | N/A | 7.5 HIGH |
| Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory integrity. | |||||
| CVE-2021-46794 | 1 Amd | 112 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 109 more | 2025-01-28 | N/A | 7.5 HIGH |
| Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service. | |||||
| CVE-2021-46792 | 1 Amd | 110 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 107 more | 2025-01-28 | N/A | 5.9 MEDIUM |
| Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service. | |||||
| CVE-2021-46775 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2025-01-28 | N/A | 6.8 MEDIUM |
| Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution. | |||||
| CVE-2021-46773 | 1 Amd | 126 Ryzen 1200 \(af\), Ryzen 1200 \(af\) Firmware, Ryzen 1600 \(af\) and 123 more | 2025-01-28 | N/A | 8.8 HIGH |
| Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution. | |||||
| CVE-2021-46769 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2025-01-28 | N/A | 8.8 HIGH |
| Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution. | |||||
| CVE-2021-46764 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2025-01-28 | N/A | 7.5 HIGH |
| Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service. | |||||
| CVE-2021-46763 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2025-01-28 | N/A | 7.5 HIGH |
| Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity. | |||||
| CVE-2021-46756 | 1 Amd | 126 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 123 more | 2025-01-28 | N/A | 9.1 CRITICAL |
| Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity. | |||||
| CVE-2021-46755 | 1 Amd | 46 Ryzen 3100, Ryzen 3100 Firmware, Ryzen 3300x and 43 more | 2025-01-28 | N/A | 7.5 HIGH |
| Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service. | |||||
| CVE-2021-46753 | 1 Amd | 132 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 129 more | 2025-01-28 | N/A | 9.1 CRITICAL |
| Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity. | |||||
| CVE-2021-46749 | 1 Amd | 112 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 109 more | 2025-01-28 | N/A | 7.5 HIGH |
| Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service. | |||||