CVE-2025-48516

Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module...

CVE-2025-48516

Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module...

CVE-2025-48516

CVE-2025-48516 : The AMD AMD/AGESA Bootloader Firmware DDR5 memory module has an insecure default configuration state that enables an attacker with local privileges to abuse an unprotected PMIC interface, potentially causing a permanent denial of service or affecting memory integrity. The descrip...

CVE-2025-48516

Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module...

PT-2026-41253

Name of the Vulnerable Software and Affected Versions AGESA Bootloader Firmware affected versions not specified Description An insecure default configuration state of the DDR5 memory module within the AGESA Bootloader Firmware allows a local user to abuse the unprotected PMIC Power Management...

PT-2025-44990

Name of the Vulnerable Software and Affected Versions AMD processors affected versions not specified Description A flaw exists in the RDSEED instruction used for hardware-level random number generation on Zen 5 CPUs. This issue can cause the 16-bit and 32-bit versions of RDSEED to produce...

EUVD-2017-16293

Malware in sbrugna...

EUVD-2024-19576

Malicious code in bioql PyPI...

CVE-2024-21970

Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity...

CVE-2024-21970

CVE-2024-21970 describes improper validation of an array index in the AND power Management Firmware, causing possible AGESA memory corruption and loss of integrity when exploited by a privileged attacker. Connected documents identify affected AMD Client Processor platforms and indicate mitigation...

CVE-2024-21970

Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity...

CVE-2024-21970

Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity...

CVE-2023-20576

A vulnerability was found in AMD hardware due to insufficient verification of data authenticity in AGESA. This issue may allow a local unauthenticated attacker to update SPI ROM data, potentially resulting in denial of service or privilege escalation. Mitigation Mitigation for this issue is eithe...

SMM Memory Corruption Vulnerability

Bulletin ID: AMD-SB-4003 Potential Impact: Arbitrary Code Execution Severity: High Summary SMM memory corruption vulnerability in SMM driver on some AMD Processors. CVE-2023-20555 Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an...

Return Address Security Bulletin

Bulletin ID: AMD-SB-7005 Potential Impact: Data Confidentiality Severity: Medium Summary AMD has received an external report titled ‘INCEPTION’, describing a new speculative side channel attack. The attack can result in speculative execution at an attacker-controlled address, potentially leading ...

AMD Server Vulnerabilities – May 2023

Bulletin ID: AMD-SB-3001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Unit SMU, AMD Secure Encrypted Virtualization SEV and other platform components...

Client Vulnerabilities – May 2023

Bulletin ID: AMD-SB-4001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Secure Processor ASP, AMD System Management Unit SMU, and other platform components were discovered, and mitigations are being...

TPM Out of Bounds Access

Bulletin ID: AMD-SB-7002 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Researchers have identified two potential vulnerabilities that affect systems using the TPM 2.0 reference implementation, including some systems using AMD CPUs...

CVE-2021-26361

A malicious or compromised User Application UApp or AGESA Boot Loader ABL could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure...

Information disclosure

A malicious or compromised User Application UApp or AGESA Boot Loader ABL could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure...