MilanLaunchy Firmware Loader

References CVE-2021-26315: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1021.html CVE-2024-21944: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3015.html CVE-2024-21981: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html &...

AMD Athlon™, AMD Ryzen™, and AMD Ryzen™ Embedded Series Processor Vulnerabilities – May 2026

CVE Details Refer to Glossary for explanation of terms CVE ID| CVE Description| CVSS ---|---|--- CVE-2021-46747| Insufficient granularity of access control in AMD Secure Processor ASP may allow an attacker with an untrusted user space application to map sensitive System Management Network SMN...

AMD Chipset Driver Vulnerabilities

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-0028| An unchecked return value within the AMD Platform Management Framework PMF could allow an attacker to read or modify an arbitrary address, potentially resulting in loss of...

TDXRay: Microarchitectural Side-Channel Analysis of Intel TDX for Real-World Workloads

Affected Products AMD EPYC™ Series Processors AMD EPYC™ 7003 Series Processors AMD EPYC™ 8004 Series Processors AMD EPYC™ 9004 Series Processors AMD EPYC™ 9005 Series Processors AMD EPYC™ Embedded Series Processors AMD EPYC™ Embedded 7003 AMD EPYC™ Embedded 8004 AMD EPYC™ Embedded 9004 AMD EPYC™...

InstallShield Privilege Escalation

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description ---|--- CVE-2024-14012 Issued by Revenera| https://vulners.com/cve/CVE-2024-14012...

AMD Graphics Vulnerabilities – May 2026

CVE Details Refer to Glossary for explanation of terms CVE ID| CVE Description| CVSS Vector ---|---|--- CVE-2024-36323| Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine VM or a process to perform unauthorized access to the register space of the JPEG...

AMD Server Software and Embedded Chipset Driver Vulnerabilities Identified in Windows® Environments

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2026-0432| Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.|...

AMD EPYC™ and AMD EPYC™ Embedded Series Processor Vulnerabilities – May 2026

CVE Details Refer to Glossary for explanation of terms CVE ID| CVE Description| CVSS Vector ---|---|--- CVE-2025-61972| Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network SMN access, potentially resulting in...

Unsafe OpenSSL Initialization Vulnerability Within AMD Manageability Software

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-62628| Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution....

AMD RAID Driver Vulnerability

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2024-21962| Improper input validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location, potentially resulting in privilege escalation and arbitrary code...

AMD Device Management Portal Key Download

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-62619| Missing authentication in the KVM key download endpoint could allow an unauthenticated attacker with knowledge of the exposed URL to retrieve sensitive keys, potentially leading to...

Quality-of-Service Feature Side Channels

Revisions Revision Date| Description ---|--- 2026-05-12| Initial publication...

Ionic Driver Vulnerabilities

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-62623| A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.| 8....

CPU OP Cache Corruption

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-54518| Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level...

AMD Device Metrics Exporter (ROCm ecosystem) Vulnerability

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2026-0481| Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially...

Floating Point Divider State Sampling on AMD CPUs

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-54505| A transient execution vulnerability within AMD CPUs may allow a local, user-privileged attacker to leak data via the floating-point divisor unit, potentially resulting in a loss of...

Floating Point Value Injection (FPVI) Variant in AMD CPUs

Summary Researchers shared with AMD a report titled “TREVEX: A Black-Box Detection Framework For Data-Flow Transient Execution Vulnerabilities.” The researchers' paper introduced a Floating-Point Value Injection FPVI variant, which could allow an attacker with a deep understanding of...

IOMMU Write Buffer Vulnerability

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2023-20585| Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP...

Mishandling Resource Contention in AMD Processors

Revisions Revision Date| Description ---|--- 2026-04-14| Initial publication...

SEV-SNP Routing Misconfiguration

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-54510| A missing lock verification in AMD Secure Processor ASP firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based...

Incorrect use of LocateProtocol Service of the EFI_BOOT_Services table in SMI Handler

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-54502| Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to achieve privilege escalation...

Guest Initiated Machine Check Errors

Summary AMD received a report from the security team at Amazon Web Services AWS indicating that it may be possible for guest VMs to cause a crash of a host system. By flooding the host system with a large number of malformed System Management Interrupts SMIs, it may be possible for a guest VM to...

SNPeek: Side-Channel Analysis for Privacy Applications on Confidential VMs

Revisions Revision Date| Description ---|--- 2026-02-23| Initial publication...

Control Flow Reconstruction using HPCs

Affected Products and Mitigation Performance counters are not protected by Secure Encrypted Virtualization SEV, SEV-ES, or SEV-SNP. AMD has defined support for performance counter virtualization in APM Vol 2, section 15.39. Performance Monitoring Counters PMC virtualization, available on AMD...

AMD µProf Vulnerability

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-61969| Incorrect permission assignment in AMD µProf performance analysis tool-suite may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in...

AMD GPU Timing-Based Side Channels

Revisions Revision Date| Description ---|--- 2026-02-10| Initial publication...

AMD Athlon™ and AMD Ryzen™ Processor Vulnerabilities – February 2026

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score| CVSS Attack Vector ---|---|---|--- CVE-2025-52533| Improper access control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data...

AMD EPYC™ and AMD EPYC™ Embedded Series Processor Vulnerabilities – February 2026

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score| CVSS Vector ---|---|---|--- CVE-2025-52533| Improper access control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data confidentiality ...

AMD Vivado™ Design Suite Vulnerabilities

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-52541| Uncontrolled search paths in the 2024.2 Vivado™ installation could allow a lower-level, local user to achieve privilege escalation, potentially resulting in arbitrary code execution...

AMD Graphics Driver Vulnerabilities – February 2026

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description | CVSS Score ---|---|--- CVE-2024-36324| Improper input validation in the AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution.| 8.8 High...

Optical Probing of Readback CRC Bus

Revisions Revision Date| Description ---|--- 2026-02-10| Initial publication...

SEV-SNP Guest Stack Pointer Corruption Vulnerability

Summary Researchers have reported a CPU-caused stack corruption issue caused by flipping an undocumented MSR bit. AMD believes that this vulnerability occurs due to inadequate access controls, which fail to prevent the hypervisor from setting an internal configuration bit. This attack could allow...

Memory Re-orderings as a Timerless Side-channel

Summary Researchers have provided AMD with a paper titled “MEMORY DISORDER: Memory Re-orderings as a Timerless Side-channel” In this work, the authors introduced MEMORY DISORDER, a timerless side-channel attack that exploits memory re-orderings to infer activity on other processes. They showed th...

PCIe Specification Issues

Summary PCIe SIG in industry coordination with CERT CC is releasing details on three PCIe specification issues...

GPUHammer: Rowhammer Attacks on GPU Memories are Practical

Revisions Revision Date| Description ---|--- 2025-12-03| Initial publication...

AMD StoreMi™ Vulnerabilities

Summary Researchers have reported potential vulnerabilities in AMD StoreMi™ technology which may allow escalation of privilege. AMD StoreMi™ technology was a tool for users looking to improve load time, boot time, file management, or system responsiveness. AMD StoreMi™ falls outside of the securi...

Incorrect Secure Flag Usage in Versal™ Adaptive SoC Arm® Trusted Firmware

Summary The Secure Flag passed to Versal™ Adaptive SoC’s Arm Trusted Firmware for Cortex®-A processors TF-A for Arm’s Power State Coordination Interface PSCI commands were incorrectly set to secure instead of using the processor’s actual security state. This would allow the PSCI requests to appea...

Stale Translation Lookaside Buffer (TLB) Entry Vulnerability

Summary An internally reported microcode bug in some EPYC™ AMD CPUs could allow a local admin-privileged attacker to run SEV-SNP Secure Encrypted Virtualization - Secure Nested Paging guests using stale TLB entries. This bug could allow SNP active vCPUs to reuse TLB entries from other virtual...

AMD μProf Vulnerabilities

Summary A bug bounty researcher reported multiple vulnerabilities within the AMD μProf tool. In these reports, the researcher notes that the AMD μProf vulnerability has multiple improper input validation vulnerabilities and an improper return value vulnerability, which could potentially result in...

AMD Xilinx Run Time (XRT) Vulnerabilities

Summary The researchers reported vulnerabilities within AMD Xilinx Run Time XRT drivers, particularly in user space XRT driver XOCL. These drivers are delivered as part of the AMD XRT framework. Please refer to the CVE Details section for further information on each of these vulnerabilities...

Missing Use of the Secure Flag in Zynq™ UltraScale+™ SoC Trusted Firmware

Summary A researcher reported that the security state of the calling processor into Trusted Firmware TF-A is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability turn on and off subsystems within the SoC...

Compromising Trusted Execution Environments through DDR5 Memory Bus Interposition

Summary Researchers successfully executed a physical bus interposition attack targeting server-grade DDR5 memory, compromising the confidentiality of encrypted data during runtime. AMD does not plan to provide mitigations since physical vector attacks are out of scope for AMD SEV-SNP. as detailed...

RDSEED Failure on AMD “Zen 5” Processors

Summary AMD was notified of a bug in “Zen 5” processors that may cause the RDSEED instruction to return 0 at a rate inconsistent with randomness while incorrectly signaling success CF=1, indicating a potential misclassification of failure as success. This issue was initially reported publicly via...

Physical Address Bit Leakage on AMD SEV-SNP Systems

Revisions Revision Date| Description ---|--- 2025-10-20| Initial publication...

Prefetcher Side Channel Attack

Revisions Revision Date| Description ---|--- 2025-10-17| Initial publication...

SEV-SNP RMP Initialization Vulnerability

Summary Researchers from ETHz reported that a malicious hypervisor could corrupt the Reverse Map Table RMP during Secure Nested Paging SNP initialization. AMD reproduced the issue and determined it is due to a race condition that can occur while the AMD Secure Processor ASP is initializing the RM...

SEV-SNP Physical Memory Aliasing

Summary Researchers have reported a method for privileged attackers with physical access to a motherboard to potentially compromise confidentiality and integrity of AMD Secure Encrypted Virtualization – Secure Nesting Paging SEV-SNP guests. AMD does not plan to release any mitigations in response...

DRAM Related Side Channel Attacks

Summary Researchers have provided AMD with a paper titled “Quo VADIS DDR5? Verifying Addressing of DRAM In Software.” In this paper, the authors present an approach to verifying DRAM addressing functions from software using the DRAM row conflict side channel. The authors claim that the presented...

Undervoltage-based Static Side-channel Attacks (“Chypnosis”) on FPGAs

Summary This document describes a potential attack technique against FPGA devices that leverages side-channel analysis SCA techniques to physically extract register and memory content from the device. In applications following best practices for security, critical data, such as decryption keys, i...

Phoenix: Rowhammer Attacks on DDR5 Memory

Mitigation AMD released updated Platform Initialization PI packages to the Original Equipment Manufacturers OEM for AMD Ryzen™ Series processors. These updates allow customers to enable Mixed Refresh Mode, which is an existing DRAM workaround to rowhammer-style attacks. Please contact your OEM fo...