Filtered by vendor Amd
Subscribe
Total
286 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26406 | 1 Amd | 80 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 77 more | 2025-01-28 | N/A | 7.5 HIGH |
| Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service. | |||||
| CVE-2021-26397 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2025-01-28 | N/A | 7.1 HIGH |
| Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability. | |||||
| CVE-2021-26379 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2025-01-28 | N/A | 9.8 CRITICAL |
| Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation. | |||||
| CVE-2021-26371 | 1 Amd | 256 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 253 more | 2025-01-28 | N/A | 5.5 MEDIUM |
| A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. | |||||
| CVE-2021-26365 | 1 Amd | 108 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 105 more | 2025-01-28 | N/A | 8.2 HIGH |
| Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents. | |||||
| CVE-2021-26356 | 1 Amd | 196 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 193 more | 2025-01-28 | N/A | 7.4 HIGH |
| A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure. | |||||
| CVE-2021-26354 | 1 Amd | 304 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 301 more | 2025-01-28 | N/A | 5.5 MEDIUM |
| Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity. | |||||
| CVE-2021-46765 | 1 Amd | 88 Ryzen 3100, Ryzen 3100 Firmware, Ryzen 3300x and 85 more | 2025-01-27 | N/A | 7.5 HIGH |
| Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service. | |||||
| CVE-2021-46760 | 1 Amd | 14 Ryzen 3945wx, Ryzen 3945wx Firmware, Ryzen 3955wx and 11 more | 2025-01-27 | N/A | 9.8 CRITICAL |
| A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution. | |||||
| CVE-2021-46759 | 1 Amd | 112 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 109 more | 2025-01-27 | N/A | 6.1 MEDIUM |
| Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a potential loss of integrity. | |||||
| CVE-2024-21946 | 1 Amd | 1 Ryzen Master Utility For Overclocking Control | 2024-12-18 | N/A | 7.3 HIGH |
| Incorrect default permissions in the AMD RyzenTM Master Utility installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | |||||
| CVE-2024-21938 | 1 Amd | 1 Management Plugin For Sccm | 2024-12-18 | N/A | 7.3 HIGH |
| Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||||
| CVE-2024-21939 | 1 Amd | 1 Cloud Manageability Service | 2024-12-18 | N/A | 7.3 HIGH |
| Incorrect default permissions in the AMD Cloud Manageability Service (ACMS) Software installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | |||||
| CVE-2024-21945 | 1 Amd | 1 Ryzen Master Monitoring Software Development Kit | 2024-12-18 | N/A | 7.3 HIGH |
| Incorrect default permissions in the AMD RyzenTM Master monitoring SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | |||||
| CVE-2024-21957 | 1 Amd | 1 Management Console | 2024-12-18 | N/A | 7.3 HIGH |
| Incorrect default permissions in the AMD Management Console installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | |||||
| CVE-2024-21958 | 1 Amd | 1 Provisioning Console | 2024-12-18 | N/A | 7.3 HIGH |
| Incorrect default permissions in the AMD Provisioning Console installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||||
| CVE-2023-31307 | 1 Amd | 32 Radeon Pro W6300, Radeon Pro W6400, Radeon Pro W6600 and 29 more | 2024-12-13 | N/A | 2.3 LOW |
| Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service. | |||||
| CVE-2021-26367 | 1 Amd | 102 Athlon Gold 3150c, Athlon Gold 3150c Firmware, Athlon Gold 3150g and 99 more | 2024-12-12 | N/A | 5.7 MEDIUM |
| A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability. | |||||
| CVE-2023-20584 | 1 Amd | 130 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 127 more | 2024-12-12 | N/A | 5.3 MEDIUM |
| IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity. | |||||
| CVE-2023-20510 | 1 Amd | 32 Radeon Pro W6300, Radeon Pro W6400, Radeon Pro W6600 and 29 more | 2024-12-12 | N/A | 4.7 MEDIUM |
| An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service. | |||||