186 matches found
TPM Out of Bounds Access
Bulletin ID: AMD-SB-7002 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Researchers have identified two potential vulnerabilities that affect systems using the TPM 2.0 reference implementation, including some systems using AMD CPUs...
AMD Response to Log4j (Log4Shell) Vulnerability
Bulletin ID: AMD-SB-1034 Potential Impact: Remote Code Execution Severity: Critical Summary 1/17/2022 Update: AMD has completed our investigation of the Apache Log4j vulnerability. AMD believes no AMD products are affected. 12/15/2021: AMD is actively investigating potential impacts of the Apache...
AMD CPU Branch Type Confusion
Bulletin ID: AMD-SB-1037 Potential Impact: Information disclosure, arbitrary speculative code execution Severity: Medium Summary This security bulletin addresses two issues related to CVE-2017-5715 previously known as Spectre Variant 2. As part of our efforts to continue improving security...
AMD Server Vulnerabilities – January 2023
Bulletin ID: AMD-SB-1032 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Un...
AMD Radeon™ Graphics Kernel Driver Privilege Management Vulnerability
Bulletin ID: AMD-SB-6009 Potential Impact: Arbitrary code execution Severity: High Summary A potential vulnerability was reported in the AMD Radeon™ Software Adrenalin Edition and PRO Edition kernel pdfwkrnl.sys driver which may allow arbitrary code execution. Current AMD analysis shows the attac...
Execution Unit Scheduler Contention Side-Channel Vulnerability on AMD Processors
Bulletin ID: AMD-SB-1039 Potential Impact: Information Disclosure Severity: Medium Summary Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2”, “Zen 3” and “Zen 4” that use simultaneous multithreading SMT. By...
Return Address Security Bulletin
Bulletin ID: AMD-SB-7005 Potential Impact: Data Confidentiality Severity: Medium Summary AMD has received an external report titled ‘INCEPTION’, describing a new speculative side channel attack. The attack can result in speculative execution at an attacker-controlled address, potentially leading ...
AMD Client Vulnerabilities – May 2022
Bulletin ID: AMD-SB-1027 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Un...
Cross-Thread Return Address Predictions
Bulletin ID: AMD-SB-1045 Potential Impact: Information Disclosure Summary AMD internally discovered a potential vulnerability where certain AMD processors may speculatively execute instructions at an incorrect return site after an SMT mode switch that may potentially lead to information disclosur...
AMD Server Vulnerabilities – November 2021
Bulletin ID: AMD-SB-1021 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Un...
AMD Processor Vulnerabilities
Bulletin ID: AMD-SB-7009 Potential Impact: Refer to the CVE Details section Severity: Refer to the CVE Details section Summary Researchers disclosed multiple potential vulnerabilities that may impact some AMD processors. AMD has assessed the researchers’ findings and is publishing CVEs and...
LFENCE/JMP Mitigation Update for CVE-2017-5715
Bulletin ID: AMD-SB-1036 Potential Impact: Loss of Confidentiality Severity: Medium Summary AMD is providing an update for one recommended mitigation for CVE-2017-5715 previously known as Spectre Variant 2. The speculative execution window of AMD LFENCE/JMP mitigation MITIGATION V2-2 may be large...
SMM Lock Bypass
AMD ID: AMD-SB-7014 Potential Impact: Arbitrary Code Execution Severity: High Summary Researchers from IOActive have reported that it may be possible for an attacker with ring 0 access to modify the configuration of System Management Mode SMM even when SMM Lock is enabled...
AMD Server Vulnerabilities - May 2022
Bulletin ID: AMD-SB-1028 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Un...
IBPB and Return Stack Buffer Interactions
Bulletin ID: AMD-SB-1040 Potential Impact: Information Disclosure Severity: Medium Summary AMD is aware of a potential vulnerability affecting AMD CPUs where the OS relies on IBPB to flush the return address predictor. This may allow for CVE-2017-5715 previously known as Spectre Variant 2 attacks...
AMD Server Vulnerabilities – Nov 2023
Bulletin ID: AMD-SB-3002 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Unit SMU, AMD Secure Encrypted Virtualization SEV, AMD Secure Encrypted...
AMD Graphics Driver Vulnerabilities – November 2022
Bulletin ID: AMD-SB-1029 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary AMD received reports of vulnerabilities potentially affecting some AMD Graphics products. Refer to the CVE Details section for information about each CVE. CVE...
Client Vulnerabilities – Aug 2024
Bulletin ID: AMD-SB-4004 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Secure Processor ASP, and other platform components were reported. Mitigations are being provided in Platform Initialization PI...
AMD CPUs May Transiently Execute Beyond Unconditional Direct Branch
Bulletin ID: AMD-SB-1026 Potential Impact: Data leakage Severity: Medium Summary AMD is providing an update for one recommended mitigation, mitigation G-5, in the “Software Techniques for Managing Speculation on AMD processors” white paper. Mitigation G-5 helps address potential vulnerabilities...
SEV-SNP Routing Misconfiguration
CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-54510| A missing lock verification in AMD Secure Processor ASP firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based...
AMD Embedded Processors Vulnerabilities – February 2024
Bulletin ID: AMD-SB-5001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Embedded processors were reported, and mitigations are being provided through Platform Initialization PI firmware packages. CVE...
AMD INVD Instruction Security Notice
Bulletin ID: AMD-SB-3005 Potential Impact: Memory integrity Severity: Medium Summary External researchers reported a potential vulnerability with the INVD instruction that may lead to a loss of SEV-ES and SEV-SNP guest virtual machine VM memory integrity. CVE Details Refer to Glossary for...
AMD Ryzen™ Master Security Bulletin
Bulletin ID: AMD-SB-1052 Potential Impact: Privilege Escalation Severity: High Summary AMD Ryzen™ Master is a software tool that gives users advanced, real-time control of system performance. AMD Ryzen™ Master allows the user to control various clock and voltage settings in real time. CVE Details...
AMD Server Vulnerabilities – August 2024
Bulletin ID: AMD-SB-3003 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in the AMD Secure Processor ASP, AMD Secure Encrypted Virtualization SEV, AMD Secure Encrypted Virtualization – Secure Nested Paging...
Disrupting AMD SEV-SNP on Linux® With Interrupts
AMD ID: AMD-SB-3008 Potential Impact: N/A Severity: N/A Summary Researchers from ETH Zurich have shared with AMD a paper titled “Heckler: Disrupting AMD SEV-SNP with Interrupts.” In their paper, the researchers report that a malicious hypervisor can potentially break confidentiality and integrity...
AMD μProf Security Bulletin
Bulletin ID: AMD-SB-7003 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary AMD μProf “MICRO-prof” is a software profiling analysis tool for x86 applications running on Windows, Linux and FreeBSD operating systems and provides event...
Speculative Load Disordering
Bulletin ID: AMD-SB-1035 Potential Impact: Data Leakage Severity: Low Summary AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage. CVE Details...
AMD Client Vulnerabilities – November 2023
Bulletin ID: AMD-SB-4002 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Secure Processor ASP, AMD System Management Unit SMU, and other platform components were reported, and mitigations are being...
OpenSSL Vulnerabilities
Bulletin ID: AMD-SB-7001 Potential Impact: Denial of Service, Remote Code Execution Severity: High Summary OpenSSL announced two high severity vulnerabilities affecting certain versions of their product. Currently, AMD believes potential impact is limited to the ReLive streaming feature which mak...
Client Vulnerabilities – May 2023
Bulletin ID: AMD-SB-4001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Secure Processor ASP, AMD System Management Unit SMU, and other platform components were discovered, and mitigations are being...
Speculative Race Conditions (SRCs)
Bulletin ID: AMD-SB-7016 Potential Impact: Speculative Race Condition Severity: Varies by CVE, see descriptions below Summary Researchers from IBM Research Europe and Vrije Universiteit Amsterdam have published a paper titled “GhostRace: Exploiting and Mitigating Speculative Race Conditions.” AMD...
AMD Server Vulnerabilities – May 2023
Bulletin ID: AMD-SB-3001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Unit SMU, AMD Secure Encrypted Virtualization SEV and other platform components...
AMD μProf Security Bulletin
Bulletin ID: AMD-SB-1046 Potential Impact: Denial of service Severity: Medium Summary AMD μProf “MICRO-prof” is a software profiling analysis tool for x86 applications running on Windows, Linux and FreeBSD operating systems and provides event information unique to the AMD “Zen”-based processors a...
SMM Memory Corruption Vulnerability
Bulletin ID: AMD-SB-4003 Potential Impact: Arbitrary Code Execution Severity: High Summary SMM memory corruption vulnerability in SMM driver on some AMD Processors. CVE-2023-20555 Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an...
GPU Memory Leaks
Bulletin ID: AMD-SB-6010 Potential Impact: Data leakage Severity: Medium Summary Researchers from Trail of Bits reported a potential vulnerability, titled “LeftoverLocals.” According to their research, a compromised GPU kernel could potentially read local memory values from another kernel...
Debug Exception Delivery in Secure Nested Paging
Bulletin ID: AMD-SB-3006 Potential Impact: Suppression of guest debug exceptions Severity: Low Summary A researcher has reported that a host can potentially suppress delivery of debug exceptions to SEV-SNP guests that have the restricted injection feature enabled. For example, a software-based...
Uninitialized GPU Register Access
AMD ID: AMD-SB-6013 Potential Impact: Data Leakage Severity: Medium Summary AMD is aware of a publicly available paper titled “Whispering Pixels: Exploiting Uninitialized Register Accesses in Modern GPUs” which describes a technique for potentially leaking pixel data from GPU registers...
AMD Embedded Processors Vulnerabilities – Aug 2024
Bulletin ID: AMD-SB-5002 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Embedded processors were reported, and mitigations are being provided through Platform Initialization PI firmware packages. CVE...
AMD Graphics Driver Vulnerabilities – November 2023
Bulletin ID: AMD-SB-6003 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary AMD received reports of vulnerabilities potentially affecting some AMD Graphics products. Refer to the CVE Details section for information about each CVE. CVE...
AMD Chipset Driver Information Disclosure Vulnerability
Bulletin ID: AMD-SB-1009 Potential Impact: Information Disclosure Severity: Medium Summary Low privileged malicious users may be able to access and leak data through the AMD Chipset Driver. CVE Details CVE-2021-26333 Insufficient access controls in the AMD Link Android app may potentially result ...
AMD SMM Supervisor Vulnerability Security Notice
Bulletin ID: AMD-SB-7011 Potential Impact: Loss of confidentiality, integrity, and availability Severity: High Summary External researchers reported a potential vulnerability during SMM Supervisor initialization which may impact some AMD processors. On systems that do not have Supervisor Mode...
DXE Driver Memory Leaks
Bulletin ID: AMD-SB-4007 Potential Impact: Data Leakage Severity: Medium Summary Potential memory leak vulnerabilities in AMD Driver Execution Environment DXE driver. CVE Details Refer to Glossary for explanation of terms CVE| Severity| Description ---|---|--- CVE-2023-20594| Medium| Improper...
AMD Client Vulnerabilities – January 2023
Bulletin ID: AMD-SB-1031 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary In collaboration with various third parties, AMD platforms were audited for potential security exposures. Potential vulnerabilities in AMD Secure Processor ASP,...
Speculative Code Store Bypass and Floating-Point Value Injection
Bulletin ID: AMD-SB-1003 Potential Impact: Data Leakage Severity: Medium Summary AMD is aware of research from the VUsec group at Vrije Universiteit Amsterdam and believes that these issues are only exploitable in conjunction with software vulnerabilities related to incorrect speculation of...
Missing Use of the Secure Flag in Zynq™ UltraScale+™ SoC Trusted Firmware
Summary A researcher reported that the security state of the calling processor into Trusted Firmware TF-A is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability turn on and off subsystems within the SoC...
Potential Improper Access Control Vulnerability in AMD μProf Tool
Bulletin ID: AMD-SB-1016 Potential Impact: Improper access / Code execution Severity: High Summary Potential improper access control vulnerability in AMD μProf Tool. CVE Details CVE-2021-26334 pThe AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in...
WebGPU Browser-based GPU Cache Side-Channel
Bulletin ID: AMD-SB-6011 Potential Impact: GPU Cache Attacks from the Browser Severity: Summary AMD is aware of a paper titled “Generic and Automated Drive-by GPU Cache Attacks from the Browser” being published by researchers from Graz University of Technology and The University of Rennes. AMD do...
SEV-SNP Firmware Vulnerabilities
Bulletin ID: AMD-SB-3007 Potential Impact: Data leakage CVE-2023-31346 and loss of integrity CVE-2023-31347 Severity: Refer to the CVE Details section Summary This bulletin addresses two SEV firmware vulnerabilities reported by an external researcher. Refer to the CVE Details section below. CVE...
RDSEED Failure on AMD “Zen 5” Processors
Summary AMD was notified of a bug in “Zen 5” processors that may cause the RDSEED instruction to return 0 at a rate inconsistent with randomness while incorrectly signaling success CF=1, indicating a potential misclassification of failure as success. This issue was initially reported publicly via...
AMD Graphics Driver for Windows 10
Bulletin ID: AMD-SB-1000 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary In a comprehensive analysis of the AMD Escape calls, a potential set of weaknesses in several APIs was discovered, which could result in escalation of privilege...