Filtered by vendor Amd
Subscriptions
Total
287 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-20589 | 1 Amd | 244 4700s, 4700s Firmware, Athlon Gold 3150c and 241 more | 2024-11-21 | 6.8 Medium |
| An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. | ||||
| CVE-2023-20588 | 5 Amd, Debian, Fedoraproject and 2 more | 78 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 75 more | 2024-11-21 | 5.5 Medium |
| A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. | ||||
| CVE-2023-20586 | 1 Amd | 1 Radeon Software | 2024-11-21 | 9.8 Critical |
| A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations | ||||
| CVE-2023-20583 | 1 Amd | 1 * | 2024-11-21 | 4.7 Medium |
| A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information. | ||||
| CVE-2023-20573 | 1 Amd | 130 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 127 more | 2024-11-21 | 3.2 Low |
| A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information. | ||||
| CVE-2023-20571 | 1 Amd | 142 Ryzen 3 5100, Ryzen 3 5100 Firmware, Ryzen 3 5125c and 139 more | 2024-11-21 | 8.1 High |
| A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation. | ||||
| CVE-2023-20569 | 5 Amd, Debian, Fedoraproject and 2 more | 302 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 299 more | 2024-11-21 | 4.7 Medium |
| A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. | ||||
| CVE-2023-20565 | 1 Amd | 142 Ryzen 3 5100, Ryzen 3 5100 Firmware, Ryzen 3 5125c and 139 more | 2024-11-21 | 7.8 High |
| Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-20564 | 2 Amd, Microsoft | 5 Ryzen, Ryzen Master, Ryzen Master Monitoring Sdk and 2 more | 2024-11-21 | 6.7 Medium |
| Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution. | ||||
| CVE-2023-20563 | 1 Amd | 154 Ryzen 3 5100, Ryzen 3 5100 Firmware, Ryzen 3 5125c and 151 more | 2024-11-21 | 7.8 High |
| Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-20562 | 3 Amd, Linux, Microsoft | 4 Amd Uprof, Uprof Tool, Linux Kernel and 1 more | 2024-11-21 | 7.8 High |
| Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. | ||||
| CVE-2023-20561 | 3 Amd, Linux, Microsoft | 3 Amd Uprof, Linux Kernel, Windows | 2024-11-21 | 5.5 Medium |
| Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service. | ||||
| CVE-2023-20560 | 2 Amd, Microsoft | 4 Ryzen Master, Ryzen Master Monitoring Sdk, Windows 10 and 1 more | 2024-11-21 | 4.4 Medium |
| Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service. | ||||
| CVE-2023-20556 | 3 Amd, Linux, Microsoft | 3 Amd Uprof, Linux Kernel, Windows | 2024-11-21 | 5.5 Medium |
| Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service. | ||||
| CVE-2023-20555 | 1 Amd | 238 Athlon 3015ce, Athlon 3015ce Firmware, Athlon 3015e and 235 more | 2024-11-21 | 7.8 High |
| Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. | ||||
| CVE-2023-20533 | 1 Amd | 170 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 167 more | 2024-11-21 | 6.1 Medium |
| Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. | ||||
| CVE-2023-20526 | 1 Amd | 146 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 143 more | 2024-11-21 | 1.9 Low |
| Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. | ||||
| CVE-2023-20521 | 1 Amd | 186 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 183 more | 2024-11-21 | 3.3 Low |
| TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. | ||||
| CVE-2023-20519 | 1 Amd | 4 Genoapi, Genoapi Firmware, Milanpi and 1 more | 2024-11-21 | 3.3 Low |
| A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. | ||||
| CVE-2022-29900 | 5 Amd, Debian, Fedoraproject and 2 more | 253 A10-9600p, A10-9600p Firmware, A10-9630p and 250 more | 2024-11-21 | 6.5 Medium |
| Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. | ||||