Filtered by vendor Amd
Subscriptions
Total
287 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31366 | 1 Amd | 1 Uprof | 2024-12-12 | 3.3 Low |
| Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service. | ||||
| CVE-2023-31349 | 1 Amd | 2 Amd Uprof, Uprof | 2024-12-12 | 7.3 High |
| Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
| CVE-2023-31348 | 1 Amd | 2 Uprof, Uprof Tool | 2024-12-12 | 7.3 High |
| A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
| CVE-2023-20566 | 1 Amd | 130 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 127 more | 2024-12-03 | 5.3 Medium |
| Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. | ||||
| CVE-2022-23821 | 1 Amd | 214 Athlon 3015ce, Athlon 3015ce Firmware, Athlon 3015e and 211 more | 2024-12-03 | 9.8 Critical |
| Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution. | ||||
| CVE-2024-21937 | 1 Amd | 5 Amd Software Adrenalin Edition, Amd Software Cloud Edition, Amd Software Pro Edition and 2 more | 2024-11-27 | 7.3 High |
| Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | ||||
| CVE-2023-20575 | 1 Amd | 176 Epyc 5552, Epyc 5552 Firmware, Epyc 7232p and 173 more | 2024-11-27 | 6.5 Medium |
| A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information. | ||||
| CVE-2019-5478 | 1 Amd | 82 Zu11eg, Zu11eg Firmware, Zu15eg and 79 more | 2024-11-27 | 5.5 Medium |
| A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior. | ||||
| CVE-2023-31339 | 2 Amd, Arm | 43 Trusted Firmware-a, Zu11eg, Zu15eg and 40 more | 2024-11-27 | 4.8 Medium |
| Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service. | ||||
| CVE-2024-21980 | 1 Amd | 174 Epyc 7003 Firmware, Epyc 7203, Epyc 7203 Firmware and 171 more | 2024-11-26 | 7.9 High |
| Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity. | ||||
| CVE-2024-21978 | 1 Amd | 174 Epyc 7003 Firmware, Epyc 7203, Epyc 7203 Firmware and 171 more | 2024-11-26 | 6 Medium |
| Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption. | ||||
| CVE-2023-31355 | 1 Amd | 172 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 169 more | 2024-11-26 | 6 Medium |
| Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest. | ||||
| CVE-2023-44216 | 8 Amd, Apple, Canonical and 5 more | 17 Ryzen 5 7600x, Ryzen 7 4800u, M1 Mac Mini and 14 more | 2024-11-21 | 5.3 Medium |
| PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin. | ||||
| CVE-2023-39281 | 3 Amd, Insyde, Intel | 279 Athlon Gold 7220u, Athlon Silver 7120u, Ryzen3 5300u and 276 more | 2024-11-21 | 9.8 Critical |
| A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase. | ||||
| CVE-2023-31320 | 1 Amd | 113 Radeon Pro Vega 56, Radeon Pro Vega 56 Firmware, Radeon Pro Vega 64 and 110 more | 2024-11-21 | 7.5 High |
| Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service. | ||||
| CVE-2023-20598 | 1 Amd | 107 Radeon Pro W5500, Radeon Pro W5700, Radeon Pro W6300 and 104 more | 2024-11-21 | 7.8 High |
| An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution. | ||||
| CVE-2023-20597 | 1 Amd | 202 Ryzen 3100, Ryzen 3100 Firmware, Ryzen 3300x and 199 more | 2024-11-21 | 5.5 Medium |
| Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | ||||
| CVE-2023-20596 | 1 Amd | 128 Ryzen 3 5125c, Ryzen 3 5125c Firmware, Ryzen 3 5300g and 125 more | 2024-11-21 | 9.8 Critical |
| Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution. | ||||
| CVE-2023-20594 | 1 Amd | 250 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 247 more | 2024-11-21 | 4.4 Medium |
| Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | ||||
| CVE-2023-20592 | 2 Amd, Redhat | 141 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 138 more | 2024-11-21 | 6.5 Medium |
| Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity. | ||||