Filtered by vendor Amd
Subscriptions
Total
379 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48517 | 1 Amd | 2 Epyc 9005 Series Processors, Epyc Embedded 9005 Series Processors | 2026-04-15 | N/A |
| Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality. | ||||
| CVE-2023-31325 | 1 Amd | 6 Radeon, Radeon Pro W7000, Radeon Rx 7000 and 3 more | 2026-04-15 | 7.2 High |
| Improper isolation of shared resources on System-on-a-chip (SOC) could a privileged attacker to tamper with the contents of the PSP reserved DRAM region potentially resulting in loss of confidentiality and integrity. | ||||
| CVE-2025-0009 | 1 Amd | 9 Athlon, Radeon Pro V520, Radeon Pro V620 and 6 more | 2026-04-15 | 5.5 Medium |
| A NULL pointer dereference in AMD Crash Defender could allow an attacker to write a NULL output to a log file potentially resulting in a system crash and loss of availability. | ||||
| CVE-2025-54515 | 2 Amd, Arm | 4 Alveo, Versal, Cortex-a and 1 more | 2026-04-15 | N/A |
| The Secure Flag passed to Versal™ Adaptive SoC’s Trusted Firmware for Cortex®-A processors (TF-A) for Arm’s Power State Coordination Interface (PSCI) commands were incorrectly set to secure instead of using the processor’s actual security state. This would allow the PSCI requests to appear they were from processors in the secure state instead of the non-secure state. | ||||
| CVE-2025-54520 | 1 Amd | 2 Artix 7-series Fpga, Kintex 7-series Fpga | 2026-04-15 | N/A |
| Improper Protection Against Voltage and Clock Glitches in FPGA devices, could allow an attacker with physical access to undervolt the platform resulting in a loss of confidentiality. | ||||
| CVE-2025-0032 | 1 Amd | 8 Epyc, Epyc 9000, Epyc 9005 and 5 more | 2026-04-15 | 7.2 High |
| Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction execution. | ||||
| CVE-2022-27672 | 2 Amd, Redhat | 331 A10-9600p, A10-9600p Firmware, A10-9630p and 328 more | 2026-04-13 | 4.7 Medium |
| When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. | ||||
| CVE-2023-31324 | 1 Amd | 28 Instinct Mi210, Instinct Mi250, Instinct Mi300a and 25 more | 2026-03-05 | 7.8 High |
| A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability. | ||||
| CVE-2023-20548 | 1 Amd | 28 Instinct Mi210, Instinct Mi250, Instinct Mi300a and 25 more | 2026-03-05 | 7.8 High |
| A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability. | ||||
| CVE-2023-31358 | 1 Amd | 1 Aim-t Manageability Api | 2026-02-26 | 7.3 High |
| A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
| CVE-2023-31359 | 1 Amd | 1 Aim-t Manageability Api | 2026-02-26 | 7.3 High |
| Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
| CVE-2021-26353 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2026-02-24 | 7.8 High |
| Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity. | ||||
| CVE-2024-36340 | 1 Amd | 1 Uprof | 2025-11-26 | 6.6 Medium |
| A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure. | ||||
| CVE-2025-29933 | 1 Amd | 1 Uprof | 2025-11-26 | 5.5 Medium |
| Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service | ||||
| CVE-2025-48502 | 1 Amd | 1 Uprof | 2025-11-26 | 5.5 Medium |
| Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service. | ||||
| CVE-2025-48510 | 1 Amd | 1 Uprof | 2025-11-26 | 7.1 High |
| Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability. | ||||
| CVE-2025-48511 | 1 Amd | 1 Uprof | 2025-11-26 | 5.5 Medium |
| Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service. | ||||
| CVE-2025-39705 | 2 Amd, Linux | 2 Graphics Driver, Linux Kernel | 2025-11-25 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a Null pointer dereference vulnerability [Why] A null pointer dereference vulnerability exists in the AMD display driver's (DC module) cleanup function dc_destruct(). When display control context (dc->ctx) construction fails (due to memory allocation failure), this pointer remains NULL. During subsequent error handling when dc_destruct() is called, there's no NULL check before dereferencing the perf_trace member (dc->ctx->perf_trace), causing a kernel null pointer dereference crash. [How] Check if dc->ctx is non-NULL before dereferencing. (Updated commit text and removed unnecessary error message) (cherry picked from commit 9dd8e2ba268c636c240a918e0a31e6feaee19404) | ||||
| CVE-2023-20597 | 1 Amd | 202 Ryzen 3100, Ryzen 3100 Firmware, Ryzen 3300x and 199 more | 2025-06-27 | 5.5 Medium |
| Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | ||||
| CVE-2023-20594 | 1 Amd | 250 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 247 more | 2025-06-27 | 4.4 Medium |
| Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | ||||