Cross-Process Information Leak

Bulletin ID: AMD-SB-7008 Potential Impact: Information disclosure Severity: Medium Summary Under specific microarchitectural circumstances, a register in “Zen 2” CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which...

Frequency Scaling Timing Power Side-Channels

Bulletin ID: AMD-SB-1038 Potential Impact: Information Disclosure Severity: Medium Summary AMD is aware of the academic research paper titled “Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86”. AMD has been notified the researchers intend to submit their paper to...

WebGPU Browser-based GPU Cache Side-Channel

Bulletin ID: AMD-SB-6011 Potential Impact: GPU Cache Attacks from the Browser Severity: Summary AMD is aware of a paper titled “Generic and Automated Drive-by GPU Cache Attacks from the Browser” being published by researchers from Graz University of Technology and The University of Rennes. AMD do...

Ciphertext Side Channels on AMD SEV

Bulletin ID: AMD-SB-1033 Potential Impact: Data leakage Severity: Medium Summary AMD received notification of a potential security vulnerability where data in specific cryptographic algorithms can be inferred in a SEV guest by monitoring the ciphertext values over time. Researchers from the...

TLB Poisoning Attacks on AMD Secure Encrypted Virtualization (SEV)

Bulletin ID: AMD-SB-1023 Potential Impact: Loss of Integrity, Confidentiality and Availability Summary A malicious hypervisor HV along with an unprivileged process controlled by an attacker and executing in a guest VM, may maliciously control the process of flushing the Translation Lookaside Buff...

AMD Secure Encryption Virtualization (SEV) Information Disclosure

Bulletin ID: AMD-SB-1013 Potential Impact: Information Disclosure Severity: Medium Summary AMD received notification of a potential security vulnerability from a team of researchers led by Professor Yinqian Zhang from Southern University of Science and Technology SUSTech. A paper titled...

Software based Power Side Channel on AMD CPUs

Bulletin ID: AMD-SB-7006 Potential Impact: Information disclosure Severity: Low Summary A potential leakage of data using software-based power side channels on AMD CPUs was reported to AMD. This issue has also been referred to as ‘Collide + Power’. CVE Details Refer to Glossary for explanation of...

AMD Graphics Driver Vulnerabilities – August 2024

AMD ID: AMD-SB-6005 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary AMD received reports of vulnerabilities potentially affecting some AMD Graphics products. Refer to the CVE Details section for information about each CVE...

Spectre V2 Mitigation Bypass on Linux®

AMD ID: AMD-SB-7018 Potential Impact: N/A Severity: N/A Summary An external researcher has shared a paper with AMD titled “InSpectre Gadget: Inspecting the Residual Attack Surface of Cross-privilege Spectre v2.” AMD is not aware of any impact to AMD products. No customer action is required...

AMD Link Android App

Bulletin ID: AMD-SB-1047 Potential Impact: Information Disclosure Severity: Medium Summary AMD Link is an AMD application designed for our gaming community and helps enable a user to stream Windows desktop and games to mobile devices, TVs and other Windows PCs. CVE-2022-27673 Insufficient access...

AMD Response to “ZENHAMMER: Rowhammer Attacks on AMD Zen-Based Platforms”

AMD ID: AMD-SB-7021 Potential Impact: Memory integrity Severity: N/A Summary On February 26, 2024, AMD received new research related to an industry-wide DRAM issue documented in “ZENHAMMER: Rowhammering Attacks on AMD Zen-based Platforms” from researchers at ETH Zurich. The research demonstrates...

Cache-based Side-Channel Attack Against SEV

AMD ID: AMD-SB-3010 Potential Impact: N/A Severity: N/A Summary AMD has received a report from researchers at National Taiwan University detailing cache-based side-channel attacks against Secure Encrypted Virtualization SEV. 2025-06-03 Update: A subsequent report of the same attacks was received...

Last-Level Cache Side-Channel Attacks

AMD ID: AMD-SB-7019 Potential Impact: N/A Severity: N/A Summary Researchers from the University of Illinois Urbana-Champaign and Tel Aviv University have published a paper titled “Last-Level Cache Side-Channel Attacks Are Feasible in the Modern Public Cloud.” The paper does not demonstrate any...

Undermining Integrity Features of SEV-SNP with Memory Aliasing

AMD ID: AMD-SB-3015 Potential Impact: Loss of Integrity Severity: Medium Summary A team of researchers has reported to AMD that it may be possible to modify serial presence detect SPD metadata to make an attached memory module appear larger than it is, potentially allowing an attacker to overwrit...

Radeon™ Software Crimson ReLive Edition

Bulletin ID: AMD-SB-6007 Potential Impact: Escalation of Privilege Severity: High Summary Radeon™ Software Crimson ReLive Edition is an advanced graphics software designed for enabling high-performance gaming and engaging VR experiences. A potential vulnerability was reported in Radeon™ Software...

Transient Execution of Non-canonical Accesses

Bulletin ID: AMD-SB-1010 Potential Impact: Data Leakage Severity: Medium Summary AMD reviewed “Transient Execution of Non-Canonical Accesses“ submitted by a researcher demonstrating that AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits. CVE Detai...

Return Address Stack Side Channel

Bulletin ID: AMD-SB-7031 Potential Impact: N/A Severity: N/A Summary Researchers from the Google® Security Team have reported to AMD a new method of exploiting the previously reported CVE-2023-20569 “Inception” vulnerability on “Zen 3” and “Zen 4” based architectures. AMD believes that the...

AMD Ryzen™ Master Security Bulletin

Bulletin ID: AMD-SB-7004 Potential Impact: Varies by CVE, see descriptions below Severity: V aries by CVE, see descriptions below Summary AMD Ryzen™ Master is a software tool that provides users access to advanced settings, such as clock and voltage settings, to control system performance in...

AMD Secure Encrypted Virtualization

Bulletin ID: AMD-SB-1004 Potential Impact: Arbitrary Code Execution Severity: Medium Summary AMD is aware of 2 research papers related to AMD’s Secure Encrypted Virtualization SEV which will be presented at this year’s 15th IEEE Workshop on Offensive Technologies WOOT’21. In the paper titled...

AMD UltraScale™/UltraScale+™ FPGA Series RSA Authentication

Bulletin ID: AMD-SB-8002 Potential Impact: Information Integrity Severity: Refer to the Summary section for details Summary Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams. CVE| Severity| CVE...

AMD Ryzen™ AI Software

Bulletin ID: AMD-SB-7017 Potential Impact: Arbitrary Code Execution, System Crash Severity: High Summary AMD Ryzen™ AI Software includes the tools and runtime libraries for optimizing and deploying AI inference on AMD Ryzen™ AI powered PCs. Ryzen™ AI software enables applications to run on the...

AMD µPROF Security Notice

Bulletin ID: AMD-SB-9001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary AMD μProf “MICRO-prof” is a software profiling analysis tool for x86 applications running on Windows®, Linux® and FreeBSD® operating systems and is designed to...

Ryzen™ Master Monitoring SDK & AMD Ryzen™ Master Utility Incorrect Default Permission Vulnerabilities

Bulletin ID: AMD-SB-9004 Potential Impact: Incorrect Default Permissions Leading to Arbitrary Execution Severity: High Summary The AMD Ryzen™ Master Monitoring SDK is a public distribution that is designed to allow software developers to add processor and memory functions to their own utilities...

SPI Lock Bypass

Bulletin ID: AMD-SB-1041 Potential Impact: System Integrity Severity: High Summary Potential weaknesses in AMD’s SPI protection features may allow an attacker to bypass the native System Management Mode SMM ROM protections. CVE Details CVE-2022-23829 A potential weakness in AMD SPI protection...

Side-channels Related to the x86 PREFETCH Instruction

Bulletin ID: AMD-SB-1017 Potential Impact: Leaked kernel address space information Severity: Medium Summary Researchers from Graz University of Technology with CISPA Helmholtz Center for Information Security have demonstrated timing and power-based side channel attacks leveraging the x86 PREFETCH...

AMD CPU Microcode Signature Verification Vulnerability

AMD ID: AMD-SB-7033 Potential Impact: Loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment Severity: Medium Summary Researchers from Google®have provided AMD with a report titled “AM...

AMD Embedded Processors Vulnerabilities – February 2025

AMD ID: AMD-SB-5004 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Embedded processors were reported, and mitigations are being provided through Platform Initialization PI firmware packages...

AMD Management Plugin for SCCM Incorrect Default Permissions Vulnerability

Bulletin ID: AMD-SB-9005 Potential Impact: Incorrect Default Permissions Leading to Arbitrary Execution Severity: High Summary An incorrect default permissions vulnerability is identified within the AMD Management Plugin for the Microsoft® System Center Configuration Manager SCCM. The plugin is...

State Injection Into Hardware Prefetchers

Bulletin ID: AMD-SB-7023 Potential Impact: Data leakage via Side Channels Severity: N/A Summary A research paper titled ‘ ShadowLoad: Injecting State into Hardware Prefetchers ’ was provided to AMD in February 2024. The paper discusses the possibility for prefetchers to be used to inject cache...

AMD Server Processor Vulnerabilities – February 2025

AMD ID: AMD-SB-3009 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in the AMD Secure Processor ASP, AMD Secure Encrypted Virtualization SEV, AMD Secure Encrypted Virtualization – Secure Nested Paging SEV-SN...

AMD SEV Confidential Computing Vulnerability

AMD ID: AMD-SB-3019 Potential Impact: Loss of the SEV-based protection of a confidential guest. Severity: High Summary Researchers from Google®have provided AMD with information on a potential vulnerability that, if successfully exploited, could lead to the loss of SEV-based protection of a...

AMD Graphics Driver Installer Vulnerability

Bulletin ID: AMD-SB-6015 Potential Impact: Incorrect Default Permissions Leading to Arbitrary Execution Severity: High Summary A researcher reported an incorrect default permissions vulnerability within AMD HIP SDK Software. The AMD HIP SDK is a software development kit SDK designed to allow...

Guest Memory Vulnerabilities

AMD ID: AMD-SB-3011 Potential Impact: Confidentiality and Integrity Severity: High Summary A researcher has reported to AMD three potential vulnerabilities in Secure Encrypted Virtualization – Secure Nested Paging SEV-SNP. The reports detail ways that a malicious hypervisor controlled by the host...

Exploiting the Conditional Branch Predictor

AMD ID: AMD-SB-7015 Potential Impact: N/A Severity: N/A Summary Researchers from the University of California San Diego have shared with AMD a paper titled “Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor” that explores methods for forcing a branch...

RDSEED Failure on AMD “Zen 5” Processors

Summary AMD was notified of a bug in “Zen 5” processors that may cause the RDSEED instruction to return 0 at a rate inconsistent with randomness while incorrectly signaling success CF=1, indicating a potential misclassification of failure as success. This issue was initially reported publicly via...

Radeon™ Driver for DirectX® 11 Shader Vulnerabilities

AMD ID: AMD-SB-6012 Potential Impact: Arbitrary Code Execution Severity: High Summary AMD has received a report from a researcher at Cisco Talos detailing two arbitrary write vulnerabilities in the AMD Radeon™ user mode driver for DirectX® 11...

AMD SEV VM Power Side Channel Security Bulletin

Bulletin ID: AMD-SB-3004 Potential Impact: Information disclosure Severity: Low Summary Researchers have reported a potential power side-channel attack using the Running Average Power Limit RAPL interface on AMD SEV VMs. The researchers focused only on the first generation of AMD SEV technology a...

AMD Cloud Manageability Service Incorrect Default Permissions Vulnerability

Bulletin ID: AMD-SB-9006 Potential Impact: Incorrect Default Permissions Leading to Arbitrary Execution Severity: High Summary A researcher reported an incorrect default permissions vulnerability within the AMD Cloud Manageability Service ACMS Software. ACMS is designed to help enable IT...

AMD RESPONSE TO “I see dead µops: leaking secrets via Intel/AMD micro-op caches” RESEARCH PAPER

Bulletin ID: AMD-SB-1006 Summary AMD has reviewed the research paper and believes existing mitigations were not being bypassed and no new mitigations are required. AMD recommends its existing side-channel mitigation guidance and standard secure coding practices be followed. CVE Details None...

TDXRay: Microarchitectural Side-Channel Analysis of Intel TDX for Real-World Workloads

Affected Products AMD EPYC™ Series Processors AMD EPYC™ 7003 Series Processors AMD EPYC™ 8004 Series Processors AMD EPYC™ 9004 Series Processors AMD EPYC™ 9005 Series Processors AMD EPYC™ Embedded Series Processors AMD EPYC™ Embedded 7003 AMD EPYC™ Embedded 8004 AMD EPYC™ Embedded 9004 AMD EPYC™...

Spectre-Branch Status Eviction (BSE) Vulnerability on ARM® Processors

AMD ID: AMD-SB-8007 Potential Impact: N/A Severity: N/A Summary According to the ARM® security team, Spectre-BSE exploits a microarchitectural mechanism that equips an adversary with a weak form of control over the victim’s branch history despite existing protections. This can lead to exploitativ...

AMD Graphics Driver for Linux®

AMD ID: AMD-SB-6021 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Researchers have reported potential vulnerabilities affecting AMD Graphics Driver for Linux®...

AMD Provisioning Console Incorrect Default Permissions Vulnerability

Bulletin ID: AMD-SB-9007 Potential Impact: Incorrect Default Permissions Leading to Arbitrary Execution Severity: High Summary A researcher reported an incorrect default permissions vulnerability within the AMD Provisioning Console Software. The researcher’s report noted that AMD Provisioning...

AMD Graphics Vulnerabilities – August 2025

Summary Audits performed on AMD graphics and datacenter accelerator products, as well as external reports received by AMD, uncovered potential vulnerabilities affecting AMD graphics, datacenter, and some client processors...

AMD Transient Scheduler Attacks

AMD ID: AMD-SB-7029 Potential Impact: Loss of Confidentiality Severity: Medium Summary AMD discovered several transient scheduler attacks related to the execution timing of instructions under specific microarchitectural conditions while investigating a Microsoft® report titled “Enter, Exit, Page...

AMD Manageability Tools Vulnerabilities

AMD ID: AMD-SB-9015 Potential Impact: Arbitrary Code execution Severity: High Summary Vulnerabilities were reported in various AMD Manageability Tools. AMD has provided mitigations for these issues. Please refer to Affected Products and Mitigations below...

AMD Graphics Driver Vulnerabilities – February 2025

AMD ID: AMD-SB-6008 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary AMD received reports of vulnerabilities potentially affecting some AMD Graphics products. Refer to the CVE Details section for information about each CVE...

AMD Athlon™, AMD Ryzen™, and AMD Ryzen™ Embedded Series Processor Vulnerabilities – May 2026

CVE Details Refer to Glossary for explanation of terms CVE ID| CVE Description| CVSS ---|---|--- CVE-2021-46747| Insufficient granularity of access control in AMD Secure Processor ASP may allow an attacker with an untrusted user space application to map sensitive System Management Network SMN...

AMD Embedded Vulnerabilities – August 2025

Summary Potential vulnerabilities in AMD Embedded processors were reported, and mitigations are being provided through Platform Initialization PI firmware packages...

Microarchitectural Cache Side-Channel Attacks

Bulletin ID: AMD-SB-7025 Potential Impact: N/A Severity: N/A Summary Researchers from Azure® Research, Microsoft® have provided to AMD a paper titled “Principled Microarchitectural Isolation on Cloud CPUs.” In their paper, the researchers describe a potential side-channel vulnerability on AMD CPU...