Lucene search
+L
AmdMost viewed

186 matches found

Amd
Amd
added 2025/08/12 12:0 a.m.13 views

AMD Server Vulnerabilities – August 2025

Summary Potential vulnerabilities in AMD EPYC™ Processor platforms that affect IOMMU, AMD Secure Encrypted Virtualization – Secure Nested Paging SEV-SNP and other platform components, were found during audits performed internally and by third parties. Mitigations have been provided in AMD EPYC™...

7.5CVSS7.5AI score0.00154EPSS
Exploits0
Amd
Amd
added 2025/06/03 12:0 a.m.13 views

Versal™ Adaptive SoC – Improper Configuration of the Secure Stream Switch during Post-Boot Cryptographic Operations

AMD ID: AMD-SB-8011 Potential Impact: N/A Severity: N/A Summary In Versal™ Adaptive SoC devices, the Platform Loader and Manager PLM implements runtime post-boot software services that allows a remote processor to command the PLM to execute cryptographic operations – including AES, SHA3, RSA, ECD...

3.2CVSS7.2AI score0.00126EPSS
Exploits0
Amd
Amd
added 2025/05/13 12:0 a.m.13 views

AMD uProf Vulnerability

CVE Details Refer to Glossary for explanation of terms CVE| CVSS Severity| CVE Description ---|---|--- CVE-2024-36340| 6.6 MediumCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N| A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points,...

6.6CVSS6.8AI score0.00136EPSS
Exploits0
Amd
Amd
added 2026/06/09 12:0 a.m.12 views

AMD Auto Updater Vulnerability

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2026-40677| The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution.| 7.7...

7.7CVSS5.7AI score0.00435EPSS
Exploits0
Amd
Amd
added 2026/05/12 12:0 a.m.12 views

InstallShield Privilege Escalation

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description ---|--- CVE-2024-14012 Issued by Revenera| https://vulners.com/cve/CVE-2024-14012...

7.3CVSS5.8AI score0.00123EPSS
Exploits0
Amd
Amd
added 2026/04/14 12:0 a.m.12 views

Incorrect use of LocateProtocol Service of the EFI_BOOT_Services table in SMI Handler

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-54502| Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to achieve privilege escalation...

7.5CVSS6AI score0.00145EPSS
Exploits1
Amd
Amd
added 2025/12/09 12:0 a.m.12 views

PCIe Specification Issues

Summary PCIe SIG in industry coordination with CERT CC is releasing details on three PCIe specification issues...

6.5CVSS6.9AI score0.00205EPSS
Exploits0
Amd
Amd
added 2025/11/11 12:0 a.m.12 views

AMD Xilinx Run Time (XRT) Vulnerabilities

Summary The researchers reported vulnerabilities within AMD Xilinx Run Time XRT drivers, particularly in user space XRT driver XOCL. These drivers are delivered as part of the AMD XRT framework. Please refer to the CVE Details section for further information on each of these vulnerabilities...

8CVSS6.8AI score0.00118EPSS
Exploits0
Amd
Amd
added 2025/09/11 12:0 a.m.12 views

Branch Predictor Isolation in KVM-QEMU

Summary Researchers claim new KVM-QEMU primitives allow exploitation of Spectre V2 resulting in information leakage in various cloud scenarios. KVM-QEMU is a combination of KVM Kernel-based Virtual Machine, a Linux kernel module that enables hardware-assisted virtualization and Quick Emulator QEM...

5.5CVSS6.4AI score0.00331EPSS
Exploits0
Amd
Amd
added 2025/08/12 12:0 a.m.12 views

Voltage Fault Injection on SEV Virtual Machines

Summary Researchers shared with AMD a report titled “Voltage Fault Injection on SEV-protected Virtual Machines.” The report noted a Voltage Fault Injection VFI attack targeting AMD EPYC™ 7272 CPUs running Secure Encrypted Virtualization SEV protected virtual machines VMs. Physical attacks such as...

7.3AI score
Exploits0
Amd
Amd
added 2026/04/17 12:0 a.m.11 views

Floating Point Value Injection (FPVI) Variant in AMD CPUs

Summary Researchers shared with AMD a report titled “TREVEX: A Black-Box Detection Framework For Data-Flow Transient Execution Vulnerabilities.” The researchers' paper introduced a Floating-Point Value Injection FPVI variant, which could allow an attacker with a deep understanding of...

5.5CVSS6.1AI score0.00607EPSS
Exploits1
Amd
Amd
added 2026/02/10 12:0 a.m.11 views

AMD Graphics Driver Vulnerabilities – February 2026

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description | CVSS Score ---|---|--- CVE-2024-36324| Improper input validation in the AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution.| 8.8 High...

8.8CVSS5.8AI score0.00186EPSS
Exploits0
Amd
Amd
added 2025/10/17 12:0 a.m.11 views

Prefetcher Side Channel Attack

Revisions Revision Date| Description ---|--- 2025-10-17| Initial publication...

7AI score
Exploits0
Amd
Amd
added 2025/09/22 12:0 a.m.11 views

DRAM Related Side Channel Attacks

Summary Researchers have provided AMD with a paper titled “Quo VADIS DDR5? Verifying Addressing of DRAM In Software.” In this paper, the authors present an approach to verifying DRAM addressing functions from software using the DRAM row conflict side channel. The authors claim that the presented...

6.5AI score
Exploits0
Amd
Amd
added 2025/08/12 12:0 a.m.11 views

AMD Client Vulnerabilities – August 2025

Summary Potential vulnerabilities in AMD Client Processor platforms that affect SMM, ASP, and other platform components, were found during audits performed internally and by third parties...

8.4CVSS7.4AI score0.00178EPSS
Exploits0
Amd
Amd
added 2025/08/08 12:0 a.m.11 views

Microarchitectural Attacks on the Stack Engine

Summary Researchers from ETH Zurich have published a paper titled “One Flew over the Stack Engine’s Nest: Practical Microarchitectural Attacks on the Stack Engine.” AMD continues to recommend software developers employ existing best practices including constant time algorithm and avoid...

7.1AI score
Exploits0
Amd
Amd
added 2025/08/08 12:0 a.m.11 views

AMD Adrenalin Driver Embedded Chromium Browser

Affected Products and Mitigation AMD recommends users concerned about potential vulnerabilities in Chromium keep the web browser setting disabled until mitigations have been released. AMD is planning to release updates for AMD Software: Adrenalin Edition which will include a newer version of...

7.3AI score
Exploits0
Amd
Amd
added 2025/06/10 12:0 a.m.11 views

Unauthorized Access to AMD Secure Processor’s Crypto-Co-Processor

CVE Details Refer to Glossary for explanation of terms CVE| CVSS Score| CVE Description ---|---|--- CVE-2023-20599| 7.9 High CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N| Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto...

7.9CVSS7.1AI score0.00157EPSS
Exploits0
Amd
Amd
added 2025/06/03 12:0 a.m.11 views

Versal Adaptive SoC – Overwriting Protected Memory Regions through PLM Firmware

AMD ID: AMD-SB-8010 Potential Impact: Loss of confidentiality and Integrity Severity: Medium Summary In Versal™ Adaptive SoC devices, the Platform Loader and Manager PLM implements runtime post-boot software services that can allow a remote processor to command the PLM to execute cryptographic...

6.6CVSS5.8AI score0.00146EPSS
Exploits0
Amd
Amd
added 2025/05/13 12:0 a.m.11 views

Privilege Desynchronization: Cross-Privilege Spectre Attacks with Branch Privilege Injection

AMD ID: AMD-SB-7030 Potential Impact: N/A Severity: N/A Summary Researchers from ETH Zurich have provided AMD with a paper titled “Privilege Desynchronization: Cross-Privilege Spectre Attacks with Branch Privilege Injection.” AMD reviewed the paper and believes that this vulnerability does not...

7.3AI score
Exploits0
Amd
Amd
added 2026/04/14 12:0 a.m.10 views

IOMMU Write Buffer Vulnerability

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2023-20585| Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP...

5.6CVSS6AI score0.00098EPSS
Exploits0
Amd
Amd
added 2026/01/13 12:0 a.m.10 views

Memory Re-orderings as a Timerless Side-channel

Summary Researchers have provided AMD with a paper titled “MEMORY DISORDER: Memory Re-orderings as a Timerless Side-channel” In this work, the authors introduced MEMORY DISORDER, a timerless side-channel attack that exploits memory re-orderings to infer activity on other processes. They showed th...

6.8AI score
Exploits0
Amd
Amd
added 2025/11/11 12:0 a.m.10 views

AMD μProf Vulnerabilities

Summary A bug bounty researcher reported multiple vulnerabilities within the AMD μProf tool. In these reports, the researcher notes that the AMD μProf vulnerability has multiple improper input validation vulnerabilities and an improper return value vulnerability, which could potentially result in...

7.1CVSS7AI score0.00112EPSS
Exploits0
Amd
Amd
added 2025/10/20 12:0 a.m.10 views

Physical Address Bit Leakage on AMD SEV-SNP Systems

Revisions Revision Date| Description ---|--- 2025-10-20| Initial publication...

7AI score
Exploits0
Amd
Amd
added 2025/09/18 12:0 a.m.10 views

Undervoltage-based Static Side-channel Attacks (“Chypnosis”) on FPGAs

Summary This document describes a potential attack technique against FPGA devices that leverages side-channel analysis SCA techniques to physically extract register and memory content from the device. In applications following best practices for security, critical data, such as decryption keys, i...

6.9AI score
Exploits0
Amd
Amd
added 2025/08/06 12:0 a.m.10 views

EDK2 SMM MCE Enablement Issue

Summary A researcher reported a bug in the open source EDK2 system management interrupt SMI entry code when an MCE occurs near the start of the SMI handler. An attacker who can inject a machine check exception MCE could cause execution to jump to an attacker-controlled interrupt handler, leading ...

7.2AI score
Exploits0
Amd
Amd
added 2025/02/11 12:0 a.m.10 views

Last-Level Cache Attack

AMD ID: AMD-SB-7032 Potential Impact: N/A Severity: N/A Summary Researchers from Wuhan University have provided AMD with a paper titled “ZenLeak: Practical Last-Level Cache Side-Channel Attacks on AMD Zen Processors” in which they discuss prime and probe attacks targeting the Last-Level Cache LLC...

7.2AI score
Exploits0
Amd
Amd
added 2026/04/14 12:0 a.m.9 views

Mishandling Resource Contention in AMD Processors

Revisions Revision Date| Description ---|--- 2026-04-14| Initial publication...

5.8AI score
Exploits0
Amd
Amd
added 2026/02/10 12:0 a.m.9 views

Optical Probing of Readback CRC Bus

Revisions Revision Date| Description ---|--- 2026-02-10| Initial publication...

5.4AI score
Exploits0
Amd
Amd
added 2026/02/10 12:0 a.m.9 views

AMD µProf Vulnerability

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-61969| Incorrect permission assignment in AMD µProf performance analysis tool-suite may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in...

7CVSS5.8AI score0.00131EPSS
Exploits0
Amd
Amd
added 2025/07/01 12:0 a.m.9 views

Zynq™ UltraScale+™ SoC Overwriting Protected Memory Regions Through PMU Firmware

AMD ID: AMD-SB-8008 Potential Impact: Loss of confidentiality and Integrity Severity: Medium Summary In Zynq™ UltraScale+™ devices, the Platform Management Unit PMU Firmware is designed to implement runtime post boot software services that allow a remote processor to command the PMU to execute...

6.6CVSS7.7AI score0.00118EPSS
Exploits0
Amd
Amd
added 2025/02/11 12:0 a.m.9 views

AMD DASH CLI Incorrect Default Permissions Vulnerability

AMD ID: AMD-SB-9008 Potential Impact: Arbitrary Code Execution Severity: High Summary A researcher reported an incorrect default permissions vulnerability within the AMD DASH CLI Software. The AMD Desktop and mobile Architecture for System Hardware DASH Command Line Interface CLI is a command-lin...

8.3AI score
Exploits0
Amd
Amd
added 2025/12/03 12:0 a.m.8 views

GPUHammer: Rowhammer Attacks on GPU Memories are Practical

Revisions Revision Date| Description ---|--- 2025-12-03| Initial publication...

7AI score
Exploits0
Amd
Amd
added 2026/02/24 12:0 a.m.7 views

Guest Initiated Machine Check Errors

Summary AMD received a report from the security team at Amazon Web Services AWS indicating that it may be possible for guest VMs to cause a crash of a host system. By flooding the host system with a large number of malformed System Management Interrupts SMIs, it may be possible for a guest VM to...

8.3CVSS5.4AI score0.00247EPSS
Exploits0
Amd
Amd
added 2026/02/10 12:0 a.m.7 views

AMD Vivado™ Design Suite Vulnerabilities

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-52541| Uncontrolled search paths in the 2024.2 Vivado™ installation could allow a lower-level, local user to achieve privilege escalation, potentially resulting in arbitrary code execution...

7.3CVSS5.8AI score0.00147EPSS
Exploits0
Amd
Amd
added 2025/11/11 12:0 a.m.7 views

AMD StoreMi™ Vulnerabilities

Summary Researchers have reported potential vulnerabilities in AMD StoreMi™ technology which may allow escalation of privilege. AMD StoreMi™ technology was a tool for users looking to improve load time, boot time, file management, or system responsiveness. AMD StoreMi™ falls outside of the securi...

7.3CVSS7.2AI score0.00127EPSS
Exploits0
Total number of security vulnerabilities186