Filtered by vendor Amd
Subscribe
Total
293 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31324 | 1 Amd | 26 Instinct Mi210, Instinct Mi250, Instinct Mi300a and 23 more | 2026-03-05 | N/A | 7.8 HIGH |
| A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability. | |||||
| CVE-2023-20548 | 1 Amd | 26 Instinct Mi210, Instinct Mi250, Instinct Mi300a and 23 more | 2026-03-05 | N/A | 7.8 HIGH |
| A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability. | |||||
| CVE-2021-26353 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2026-02-24 | 7.2 HIGH | 7.8 HIGH |
| Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity. | |||||
| CVE-2024-36340 | 1 Amd | 1 Uprof | 2025-11-26 | N/A | 6.6 MEDIUM |
| A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure. | |||||
| CVE-2025-29933 | 1 Amd | 1 Uprof | 2025-11-26 | N/A | 5.5 MEDIUM |
| Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service | |||||
| CVE-2025-48502 | 1 Amd | 1 Uprof | 2025-11-26 | N/A | 5.5 MEDIUM |
| Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service. | |||||
| CVE-2025-48510 | 1 Amd | 1 Uprof | 2025-11-26 | N/A | 7.1 HIGH |
| Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability. | |||||
| CVE-2025-48511 | 1 Amd | 1 Uprof | 2025-11-26 | N/A | 5.5 MEDIUM |
| Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service. | |||||
| CVE-2023-20597 | 1 Amd | 202 Ryzen 3100, Ryzen 3100 Firmware, Ryzen 3300x and 199 more | 2025-06-27 | N/A | 5.5 MEDIUM |
| Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | |||||
| CVE-2023-20594 | 1 Amd | 250 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 247 more | 2025-06-27 | N/A | 4.4 MEDIUM |
| Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | |||||
| CVE-2023-4969 | 3 Amd, Imaginationtech, Khronos | 261 Athlon 3000g, Athlon 3000g Firmware, Instinct Mi100 and 258 more | 2025-06-20 | N/A | 6.5 MEDIUM |
| A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures. | |||||
| CVE-2023-20573 | 1 Amd | 130 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 127 more | 2025-06-20 | N/A | 3.2 LOW |
| A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information. | |||||
| CVE-2023-31359 | 1 Amd | 1 Aim-t Manageability Api | 2025-05-16 | N/A | 7.3 HIGH |
| Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||||
| CVE-2023-31358 | 1 Amd | 1 Aim-t Manageability Api | 2025-05-16 | N/A | 7.3 HIGH |
| A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||||
| CVE-2021-46757 | 1 Amd | 20 Ryzen Embedded 5600e, Ryzen Embedded 5600e Firmware, Ryzen Embedded 5800e and 17 more | 2025-05-07 | N/A | 7.8 HIGH |
| Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation. | |||||
| CVE-2022-27674 | 4 Amd, Freebsd, Linux and 1 more | 4 Amd Uprof, Freebsd, Linux Kernel and 1 more | 2025-05-01 | N/A | 7.5 HIGH |
| Insufficient validation in the IOCTL input/output buffer in AMD µProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. | |||||
| CVE-2022-23831 | 4 Amd, Freebsd, Linux and 1 more | 4 Amd Uprof, Freebsd, Linux Kernel and 1 more | 2025-05-01 | N/A | 7.5 HIGH |
| Insufficient validation of the IOCTL input buffer in AMD µProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. | |||||
| CVE-2021-26391 | 1 Amd | 98 Enterprise Driver, Radeon Pro Software, Radeon Pro W5500 and 95 more | 2025-05-01 | N/A | 7.8 HIGH |
| Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel. | |||||
| CVE-2021-26360 | 1 Amd | 36 Enterprise Driver, Radeon Pro Software, Radeon Pro W6300m and 33 more | 2025-05-01 | N/A | 7.8 HIGH |
| An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP. | |||||
| CVE-2022-27673 | 1 Amd | 1 Amd Link | 2025-05-01 | N/A | 7.5 HIGH |
| Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. | |||||