Filtered by vendor Amd
Subscriptions
Total
252 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12982 | 2 Amd, Microsoft | 3 Radeon Pro Software, Radeon Software, Windows 10 | 2023-11-07 | 7.8 High |
| An invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. | ||||
| CVE-2020-12981 | 2 Amd, Microsoft | 3 Radeon Pro Software, Radeon Software, Windows 10 | 2023-11-07 | 7.8 High |
| An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service. | ||||
| CVE-2020-12980 | 2 Amd, Microsoft | 3 Radeon Pro Software, Radeon Software, Windows 10 | 2023-11-07 | 7.8 High |
| An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. | ||||
| CVE-2023-44216 | 7 Amd, Apple, Canonical and 4 more | 16 Ryzen 5 7600x, Ryzen 7 4800u, M1 Mac Mini and 13 more | 2023-10-05 | 5.3 Medium |
| PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin. | ||||
| CVE-2023-20597 | 1 Amd | 202 Ryzen 3100, Ryzen 3100 Firmware, Ryzen 3300x and 199 more | 2023-09-22 | 5.5 Medium |
| Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | ||||
| CVE-2023-20594 | 1 Amd | 250 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 247 more | 2023-09-22 | 4.4 Medium |
| Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | ||||
| CVE-2023-20560 | 2 Amd, Microsoft | 4 Ryzen Master, Ryzen Master Monitoring Sdk, Windows 10 and 1 more | 2023-08-23 | 4.4 Medium |
| Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service. | ||||
| CVE-2023-20564 | 2 Amd, Microsoft | 4 Ryzen Master, Ryzen Master Monitoring Sdk, Windows 10 and 1 more | 2023-08-23 | 6.7 Medium |
| Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution. | ||||
| CVE-2023-20589 | 1 Amd | 244 4700s, 4700s Firmware, Athlon Gold 3150c and 241 more | 2023-08-22 | 6.8 Medium |
| An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. | ||||
| CVE-2023-20586 | 1 Amd | 1 Radeon Software | 2023-08-21 | 9.8 Critical |
| A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations | ||||
| CVE-2023-20555 | 1 Amd | 238 Athlon 3015ce, Athlon 3015ce Firmware, Athlon 3015e and 235 more | 2023-08-21 | 7.8 High |
| Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. | ||||
| CVE-2023-20562 | 3 Amd, Linux, Microsoft | 3 Amd Uprof, Linux Kernel, Windows | 2023-08-14 | 7.8 High |
| Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. | ||||
| CVE-2021-26361 | 1 Amd | 71 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 68 more | 2023-08-08 | 5.5 Medium |
| A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure. | ||||
| CVE-2021-26360 | 1 Amd | 36 Enterprise Driver, Radeon Pro Software, Radeon Pro W6300m and 33 more | 2023-08-08 | 7.8 High |
| An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP. | ||||
| CVE-2021-26388 | 1 Amd | 213 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 210 more | 2023-08-08 | 5.5 Medium |
| Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service. | ||||
| CVE-2021-26317 | 1 Amd | 147 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 144 more | 2023-08-08 | 7.8 High |
| Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution. | ||||
| CVE-2021-26316 | 1 Amd | 294 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 291 more | 2023-08-08 | 7.8 High |
| Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution. | ||||
| CVE-2021-26363 | 1 Amd | 67 Radeon Software, Ryzen 3 3100, Ryzen 3 3100 Firmware and 64 more | 2023-08-08 | 4.4 Medium |
| A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure. | ||||
| CVE-2021-26341 | 1 Amd | 252 A10-9600p, A10-9600p Firmware, A10-9630p and 249 more | 2023-08-08 | 6.5 Medium |
| Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. | ||||
| CVE-2021-46744 | 1 Amd | 198 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 195 more | 2023-08-08 | 6.5 Medium |
| An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time. | ||||