Filtered by vendor Amd
Subscriptions
Total
252 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12951 | 1 Amd | 116 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 113 more | 2022-05-12 | 7.0 High |
| Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations. | ||||
| CVE-2021-26312 | 1 Amd | 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more | 2022-05-11 | 5.5 Medium |
| Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity. | ||||
| CVE-2020-6102 | 1 Amd | 1 Radeon Directx 11 Driver Atidxx64.dll | 2022-04-27 | 9.9 Critical |
| An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). | ||||
| CVE-2021-26333 | 1 Amd | 2 Chipset Driver, Psp Driver | 2022-04-26 | 5.5 Medium |
| An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages. | ||||
| CVE-2019-9836 | 2 Amd, Opensuse | 16 Epyc 7251, Epyc 7261, Epyc 7281 and 13 more | 2022-04-18 | 5.3 Medium |
| Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation. | ||||
| CVE-2021-26401 | 1 Amd | 252 A10-9600p, A10-9600p Firmware, A10-9630p and 249 more | 2022-03-18 | 5.6 Medium |
| LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. | ||||
| CVE-2020-12891 | 1 Amd | 2 Radeon Pro Software, Radeon Software | 2022-02-09 | 7.8 High |
| AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable. | ||||
| CVE-2020-12963 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2021-12-27 | 7.8 High |
| An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system. | ||||
| CVE-2020-12929 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2021-12-27 | 7.8 High |
| Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution . | ||||
| CVE-2020-12893 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2021-12-27 | 7.8 High |
| Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service. | ||||
| CVE-2020-12895 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2021-12-27 | 7.8 High |
| Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service. | ||||
| CVE-2020-12892 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2021-12-27 | 7.8 High |
| An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution. | ||||
| CVE-2020-12890 | 1 Amd | 1 Amd Generic Encapsulated Software Architecture | 2021-12-15 | 6.7 Medium |
| Improper handling of pointers in the System Management Mode (SMM) handling code may allow for a privileged attacker with physical or administrative access to potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system. | ||||
| CVE-2021-26340 | 1 Amd | 210 Epyc 7001, Epyc 7001 Firmware, Epyc 7232p and 207 more | 2021-12-15 | 8.4 High |
| A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior inside the virtual machine (VM). | ||||
| CVE-2021-26325 | 1 Amd | 40 Epyc 7232p, Epyc 7232p Firmware, Epyc 72f3 and 37 more | 2021-11-19 | 5.5 Medium |
| Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service. | ||||
| CVE-2021-26331 | 1 Amd | 116 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 113 more | 2021-11-19 | 7.8 High |
| AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution. | ||||
| CVE-2021-26330 | 1 Amd | 116 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 113 more | 2021-11-19 | 5.5 Medium |
| AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources. | ||||
| CVE-2021-26327 | 1 Amd | 40 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 37 more | 2021-11-19 | 5.5 Medium |
| Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality. | ||||
| CVE-2021-26321 | 1 Amd | 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more | 2021-11-19 | 5.5 Medium |
| Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP. | ||||
| CVE-2021-26323 | 1 Amd | 40 Epyc 7232p, Epyc 7232p Firmware, Epyc 72f3 and 37 more | 2021-11-19 | 7.8 High |
| Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity. | ||||