TPM Out of Bounds Access

Bulletin ID: AMD-SB-7002 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Researchers have identified two potential vulnerabilities that affect systems using the TPM 2.0 reference implementation, including some systems using AMD CPUs...

AMD Response to Log4j (Log4Shell) Vulnerability

Bulletin ID: AMD-SB-1034 Potential Impact: Remote Code Execution Severity: Critical Summary 1/17/2022 Update: AMD has completed our investigation of the Apache Log4j vulnerability. AMD believes no AMD products are affected. 12/15/2021: AMD is actively investigating potential impacts of the Apache...

AMD CPU Branch Type Confusion

Bulletin ID: AMD-SB-1037 Potential Impact: Information disclosure, arbitrary speculative code execution Severity: Medium Summary This security bulletin addresses two issues related to CVE-2017-5715 previously known as Spectre Variant 2. As part of our efforts to continue improving security...

AMD Server Vulnerabilities – January 2023

Bulletin ID: AMD-SB-1032 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Un...

Execution Unit Scheduler Contention Side-Channel Vulnerability on AMD Processors

Bulletin ID: AMD-SB-1039 Potential Impact: Information Disclosure Severity: Medium Summary Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2”, “Zen 3” and “Zen 4” that use simultaneous multithreading SMT. By...

AMD Radeon™ Graphics Kernel Driver Privilege Management Vulnerability

Bulletin ID: AMD-SB-6009 Potential Impact: Arbitrary code execution Severity: High Summary A potential vulnerability was reported in the AMD Radeon™ Software Adrenalin Edition and PRO Edition kernel pdfwkrnl.sys driver which may allow arbitrary code execution. Current AMD analysis shows the attac...

AMD Client Vulnerabilities – May 2022

Bulletin ID: AMD-SB-1027 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Un...

Cross-Thread Return Address Predictions

Bulletin ID: AMD-SB-1045 Potential Impact: Information Disclosure Summary AMD internally discovered a potential vulnerability where certain AMD processors may speculatively execute instructions at an incorrect return site after an SMT mode switch that may potentially lead to information disclosur...

Return Address Security Bulletin

Bulletin ID: AMD-SB-7005 Potential Impact: Data Confidentiality Severity: Medium Summary AMD has received an external report titled ‘INCEPTION’, describing a new speculative side channel attack. The attack can result in speculative execution at an attacker-controlled address, potentially leading ...

AMD Server Vulnerabilities – November 2021

Bulletin ID: AMD-SB-1021 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Un...

AMD Processor Vulnerabilities

Bulletin ID: AMD-SB-7009 Potential Impact: Refer to the CVE Details section Severity: Refer to the CVE Details section Summary Researchers disclosed multiple potential vulnerabilities that may impact some AMD processors. AMD has assessed the researchers’ findings and is publishing CVEs and...

LFENCE/JMP Mitigation Update for CVE-2017-5715

Bulletin ID: AMD-SB-1036 Potential Impact: Loss of Confidentiality Severity: Medium Summary AMD is providing an update for one recommended mitigation for CVE-2017-5715 previously known as Spectre Variant 2. The speculative execution window of AMD LFENCE/JMP mitigation MITIGATION V2-2 may be large...

AMD Server Vulnerabilities - May 2022

Bulletin ID: AMD-SB-1028 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Un...

SMM Lock Bypass

AMD ID: AMD-SB-7014 Potential Impact: Arbitrary Code Execution Severity: High Summary Researchers from IOActive have reported that it may be possible for an attacker with ring 0 access to modify the configuration of System Management Mode SMM even when SMM Lock is enabled...

IBPB and Return Stack Buffer Interactions

Bulletin ID: AMD-SB-1040 Potential Impact: Information Disclosure Severity: Medium Summary AMD is aware of a potential vulnerability affecting AMD CPUs where the OS relies on IBPB to flush the return address predictor. This may allow for CVE-2017-5715 previously known as Spectre Variant 2 attacks...

AMD Server Vulnerabilities – Nov 2023

Bulletin ID: AMD-SB-3002 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Unit SMU, AMD Secure Encrypted Virtualization SEV, AMD Secure Encrypted...

AMD CPUs May Transiently Execute Beyond Unconditional Direct Branch

Bulletin ID: AMD-SB-1026 Potential Impact: Data leakage Severity: Medium Summary AMD is providing an update for one recommended mitigation, mitigation G-5, in the “Software Techniques for Managing Speculation on AMD processors” white paper. Mitigation G-5 helps address potential vulnerabilities...

AMD Embedded Processors Vulnerabilities – February 2024

Bulletin ID: AMD-SB-5001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Embedded processors were reported, and mitigations are being provided through Platform Initialization PI firmware packages. CVE...

AMD INVD Instruction Security Notice

Bulletin ID: AMD-SB-3005 Potential Impact: Memory integrity Severity: Medium Summary External researchers reported a potential vulnerability with the INVD instruction that may lead to a loss of SEV-ES and SEV-SNP guest virtual machine VM memory integrity. CVE Details Refer to Glossary for...

AMD μProf Security Bulletin

Bulletin ID: AMD-SB-7003 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary AMD μProf “MICRO-prof” is a software profiling analysis tool for x86 applications running on Windows, Linux and FreeBSD operating systems and provides event...

AMD Client Vulnerabilities – November 2023

Bulletin ID: AMD-SB-4002 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Secure Processor ASP, AMD System Management Unit SMU, and other platform components were reported, and mitigations are being...

AMD Ryzen™ Master Security Bulletin

Bulletin ID: AMD-SB-1052 Potential Impact: Privilege Escalation Severity: High Summary AMD Ryzen™ Master is a software tool that gives users advanced, real-time control of system performance. AMD Ryzen™ Master allows the user to control various clock and voltage settings in real time. CVE Details...

Speculative Load Disordering

Bulletin ID: AMD-SB-1035 Potential Impact: Data Leakage Severity: Low Summary AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage. CVE Details...

AMD Server Vulnerabilities – August 2024

Bulletin ID: AMD-SB-3003 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in the AMD Secure Processor ASP, AMD Secure Encrypted Virtualization SEV, AMD Secure Encrypted Virtualization – Secure Nested Paging...

Speculative Race Conditions (SRCs)

Bulletin ID: AMD-SB-7016 Potential Impact: Speculative Race Condition Severity: Varies by CVE, see descriptions below Summary Researchers from IBM Research Europe and Vrije Universiteit Amsterdam have published a paper titled “GhostRace: Exploiting and Mitigating Speculative Race Conditions.” AMD...

OpenSSL Vulnerabilities

Bulletin ID: AMD-SB-7001 Potential Impact: Denial of Service, Remote Code Execution Severity: High Summary OpenSSL announced two high severity vulnerabilities affecting certain versions of their product. Currently, AMD believes potential impact is limited to the ReLive streaming feature which mak...

AMD Server Vulnerabilities – May 2023

Bulletin ID: AMD-SB-3001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Unit SMU, AMD Secure Encrypted Virtualization SEV and other platform components...

Client Vulnerabilities – May 2023

Bulletin ID: AMD-SB-4001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Secure Processor ASP, AMD System Management Unit SMU, and other platform components were discovered, and mitigations are being...

AMD μProf Security Bulletin

Bulletin ID: AMD-SB-1046 Potential Impact: Denial of service Severity: Medium Summary AMD μProf “MICRO-prof” is a software profiling analysis tool for x86 applications running on Windows, Linux and FreeBSD operating systems and provides event information unique to the AMD “Zen”-based processors a...

Disrupting AMD SEV-SNP on Linux® With Interrupts

AMD ID: AMD-SB-3008 Potential Impact: N/A Severity: N/A Summary Researchers from ETH Zurich have shared with AMD a paper titled “Heckler: Disrupting AMD SEV-SNP with Interrupts.” In their paper, the researchers report that a malicious hypervisor can potentially break confidentiality and integrity...

GPU Memory Leaks

Bulletin ID: AMD-SB-6010 Potential Impact: Data leakage Severity: Medium Summary Researchers from Trail of Bits reported a potential vulnerability, titled “LeftoverLocals.” According to their research, a compromised GPU kernel could potentially read local memory values from another kernel...

Debug Exception Delivery in Secure Nested Paging

Bulletin ID: AMD-SB-3006 Potential Impact: Suppression of guest debug exceptions Severity: Low Summary A researcher has reported that a host can potentially suppress delivery of debug exceptions to SEV-SNP guests that have the restricted injection feature enabled. For example, a software-based...

AMD Graphics Driver Vulnerabilities – November 2023

Bulletin ID: AMD-SB-6003 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary AMD received reports of vulnerabilities potentially affecting some AMD Graphics products. Refer to the CVE Details section for information about each CVE. CVE...

AMD Chipset Driver Information Disclosure Vulnerability

Bulletin ID: AMD-SB-1009 Potential Impact: Information Disclosure Severity: Medium Summary Low privileged malicious users may be able to access and leak data through the AMD Chipset Driver. CVE Details CVE-2021-26333 Insufficient access controls in the AMD Link Android app may potentially result ...

AMD SMM Supervisor Vulnerability Security Notice

Bulletin ID: AMD-SB-7011 Potential Impact: Loss of confidentiality, integrity, and availability Severity: High Summary External researchers reported a potential vulnerability during SMM Supervisor initialization which may impact some AMD processors. On systems that do not have Supervisor Mode...

DXE Driver Memory Leaks

Bulletin ID: AMD-SB-4007 Potential Impact: Data Leakage Severity: Medium Summary Potential memory leak vulnerabilities in AMD Driver Execution Environment DXE driver. CVE Details Refer to Glossary for explanation of terms CVE| Severity| Description ---|---|--- CVE-2023-20594| Medium| Improper...

Client Vulnerabilities – Aug 2024

Bulletin ID: AMD-SB-4004 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Secure Processor ASP, and other platform components were reported. Mitigations are being provided in Platform Initialization PI...

Speculative Code Store Bypass and Floating-Point Value Injection

Bulletin ID: AMD-SB-1003 Potential Impact: Data Leakage Severity: Medium Summary AMD is aware of research from the VUsec group at Vrije Universiteit Amsterdam and believes that these issues are only exploitable in conjunction with software vulnerabilities related to incorrect speculation of...

AMD Client Vulnerabilities – January 2023

Bulletin ID: AMD-SB-1031 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary In collaboration with various third parties, AMD platforms were audited for potential security exposures. Potential vulnerabilities in AMD Secure Processor ASP,...

Uninitialized GPU Register Access

AMD ID: AMD-SB-6013 Potential Impact: Data Leakage Severity: Medium Summary AMD is aware of a publicly available paper titled “Whispering Pixels: Exploiting Uninitialized Register Accesses in Modern GPUs” which describes a technique for potentially leaking pixel data from GPU registers...

SEV-SNP Routing Misconfiguration

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-54510| A missing lock verification in AMD Secure Processor ASP firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based...

AMD Embedded Processors Vulnerabilities – Aug 2024

Bulletin ID: AMD-SB-5002 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Embedded processors were reported, and mitigations are being provided through Platform Initialization PI firmware packages. CVE...

fTPM Voltage Fault Injection

Bulletin ID: AMD-SB-4005 Potential Impact: Arbitrary Code Execution Severity: High Summary CVE-2023-20589 Researchers at the Technische Universität Berlin have reported the use of voltage fault injection attacks on ASP secure boot targeting fTPM. An attacker with specialized hardware and physical...

Potential Improper Access Control Vulnerability in AMD μProf Tool

Bulletin ID: AMD-SB-1016 Potential Impact: Improper access / Code execution Severity: High Summary Potential improper access control vulnerability in AMD μProf Tool. CVE Details CVE-2021-26334 pThe AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in...

AMD Graphics Driver Vulnerabilities – November 2022

Bulletin ID: AMD-SB-1029 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary AMD received reports of vulnerabilities potentially affecting some AMD Graphics products. Refer to the CVE Details section for information about each CVE. CVE...

AMD Graphics Driver for Windows 10

Bulletin ID: AMD-SB-1000 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary In a comprehensive analysis of the AMD Escape calls, a potential set of weaknesses in several APIs was discovered, which could result in escalation of privilege...

SEV-SNP Firmware Vulnerabilities

Bulletin ID: AMD-SB-3007 Potential Impact: Data leakage CVE-2023-31346 and loss of integrity CVE-2023-31347 Severity: Refer to the CVE Details section Summary This bulletin addresses two SEV firmware vulnerabilities reported by an external researcher. Refer to the CVE Details section below. CVE...

SMM Memory Corruption Vulnerability

Bulletin ID: AMD-SB-4003 Potential Impact: Arbitrary Code Execution Severity: High Summary SMM memory corruption vulnerability in SMM driver on some AMD Processors. CVE-2023-20555 Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an...

Speculative Leaks Security Notice

Bulletin ID: AMD-SB-7007 Potential Impact: Loss of Confidentiality Severity: Low Summary External researchers have reported that on some AMD processors a division-by-zero can potentially return speculative data. CVE Details Refer to Glossary for explanation of terms CVE| Severity| CVE Description...

QEMU Root Shell Access Vulnerability

AMD ID: AMD-SB-3012 Potential Impact: Guest OS Root Shell Access from Malicious Host Severity: N/A Summary Researchers from the University of Tokyo shared with AMD a paper titled “A Root Shell Access Vulnerability in QEMU for AMD SEV-SNP Confidential Virtual Machines.” The research paper reports...