182 matches found
AMD Graphics Driver Installer Vulnerability
Bulletin ID: AMD-SB-6015 Potential Impact: Incorrect Default Permissions Leading to Arbitrary Execution Severity: High Summary A researcher reported an incorrect default permissions vulnerability within AMD HIP SDK Software. The AMD HIP SDK is a software development kit SDK designed to allow...
AMD Management Console Incorrect Default Permissions Vulnerability
Bulletin ID: AMD-SB-9003 Potential Impact: Incorrect Default Permissions Leading to Arbitrary Execution Severity: High Summary A researcher reported an incorrect default permissions vulnerability within AMD Management Console Software. AMD Management Console AMC is a GUI-based manageability...
Return Address Stack Side Channel
Bulletin ID: AMD-SB-7031 Potential Impact: N/A Severity: N/A Summary Researchers from the Google® Security Team have reported to AMD a new method of exploiting the previously reported CVE-2023-20569 “Inception” vulnerability on “Zen 3” and “Zen 4” based architectures. AMD believes that the...
Potential Vulnerabilities When Deviating From ARM® AXI Standard Protocol
Revisions Revision Date| Description ---|--- 2025-04-21| Added new researcher paper from same research team 2024-10-30| Initial publication DISCLAIMER The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken...
State Injection Into Hardware Prefetchers
Bulletin ID: AMD-SB-7023 Potential Impact: Data leakage via Side Channels Severity: N/A Summary A research paper titled ‘ ShadowLoad: Injecting State into Hardware Prefetchers ’ was provided to AMD in February 2024. The paper discusses the possibility for prefetchers to be used to inject cache...
Microarchitectural Cache Side-Channel Attacks
Bulletin ID: AMD-SB-7025 Potential Impact: N/A Severity: N/A Summary Researchers from Azure® Research, Microsoft® have provided to AMD a paper titled “Principled Microarchitectural Isolation on Cloud CPUs.” In their paper, the researchers describe a potential side-channel vulnerability on AMD CPU...
Performance Counter Side Channel
Bulletin ID: AMD-SB-3013 Potential Impact: N/A Severity: N/A Summary Researchers from Graz University of Technology, Austria, have reported a way for a malicious hypervisor to monitor performance counters and potentially recover data from a guest VM...
Uninitialized GPU Register Access
AMD ID: AMD-SB-6013 Potential Impact: Data Leakage Severity: Medium Summary AMD is aware of a publicly available paper titled “Whispering Pixels: Exploiting Uninitialized Register Accesses in Modern GPUs” which describes a technique for potentially leaking pixel data from GPU registers...
Efficient Instruction Cache Attacks via Self-Modifying Code Conflicts
Bulletin ID: AMD-SB-7024 Potential Impact: N/A Severity: N/A Summary AMD is aware of a paper titled ‘SMaCK: Efficient Instruction Cache Attacks via Self-Modifying Code Conflicts,’ published by researchers from Iowa State University and Google®. The research paper attempts to extend data-cache-sid...
AMD µPROF Security Notice
Bulletin ID: AMD-SB-9001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary AMD μProf “MICRO-prof” is a software profiling analysis tool for x86 applications running on Windows®, Linux® and FreeBSD® operating systems and is designed to...
AMD Embedded Processors Vulnerabilities – Aug 2024
Bulletin ID: AMD-SB-5002 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Embedded processors were reported, and mitigations are being provided through Platform Initialization PI firmware packages. CVE...
AMD Graphics Driver Vulnerabilities – August 2024
AMD ID: AMD-SB-6005 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary AMD received reports of vulnerabilities potentially affecting some AMD Graphics products. Refer to the CVE Details section for information about each CVE...
Client Vulnerabilities – Aug 2024
Bulletin ID: AMD-SB-4004 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Secure Processor ASP, and other platform components were reported. Mitigations are being provided in Platform Initialization PI...
AMD Server Vulnerabilities – August 2024
Bulletin ID: AMD-SB-3003 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in the AMD Secure Processor ASP, AMD Secure Encrypted Virtualization SEV, AMD Secure Encrypted Virtualization – Secure Nested Paging...
Out of Bounds Read in Arm® Trusted Firmware
Bulletin ID: AMD-SB-8003 Potential Impact: Information Integrity Severity: Refer to the Summary section for details Summary Improper input validation in ARM® Trusted Firmware used in AMD ZynqTM UltraScale+TM MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads potentially...
SMM Lock Bypass
AMD ID: AMD-SB-7014 Potential Impact: Arbitrary Code Execution Severity: High Summary Researchers from IOActive have reported that it may be possible for an attacker with ring 0 access to modify the configuration of System Management Mode SMM even when SMM Lock is enabled...
Guest Memory Vulnerabilities
AMD ID: AMD-SB-3011 Potential Impact: Confidentiality and Integrity Severity: High Summary A researcher has reported to AMD three potential vulnerabilities in Secure Encrypted Virtualization – Secure Nested Paging SEV-SNP. The reports detail ways that a malicious hypervisor controlled by the host...
SPI Lock Bypass
Bulletin ID: AMD-SB-1041 Potential Impact: System Integrity Severity: High Summary Potential weaknesses in AMD’s SPI protection features may allow an attacker to bypass the native System Management Mode SMM ROM protections. CVE Details CVE-2022-23829 A potential weakness in AMD SPI protection...
Exploiting the Conditional Branch Predictor
AMD ID: AMD-SB-7015 Potential Impact: N/A Severity: N/A Summary Researchers from the University of California San Diego have shared with AMD a paper titled “Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor” that explores methods for forcing a branch...
Last-Level Cache Side-Channel Attacks
AMD ID: AMD-SB-7019 Potential Impact: N/A Severity: N/A Summary Researchers from the University of Illinois Urbana-Champaign and Tel Aviv University have published a paper titled “Last-Level Cache Side-Channel Attacks Are Feasible in the Modern Public Cloud.” The paper does not demonstrate any...
Radeon™ Driver for DirectX® 11 Shader Vulnerabilities
AMD ID: AMD-SB-6012 Potential Impact: Arbitrary Code Execution Severity: High Summary AMD has received a report from a researcher at Cisco Talos detailing two arbitrary write vulnerabilities in the AMD Radeon™ user mode driver for DirectX® 11...
Spectre V2 Mitigation Bypass on Linux®
AMD ID: AMD-SB-7018 Potential Impact: N/A Severity: N/A Summary An external researcher has shared a paper with AMD titled “InSpectre Gadget: Inspecting the Residual Attack Surface of Cross-privilege Spectre v2.” AMD is not aware of any impact to AMD products. No customer action is required...
Disrupting AMD SEV-SNP on Linux® With Interrupts
AMD ID: AMD-SB-3008 Potential Impact: N/A Severity: N/A Summary Researchers from ETH Zurich have shared with AMD a paper titled “Heckler: Disrupting AMD SEV-SNP with Interrupts.” In their paper, the researchers report that a malicious hypervisor can potentially break confidentiality and integrity...
AMD Response to “ZENHAMMER: Rowhammer Attacks on AMD Zen-Based Platforms”
AMD ID: AMD-SB-7021 Potential Impact: Memory integrity Severity: N/A Summary On February 26, 2024, AMD received new research related to an industry-wide DRAM issue documented in “ZENHAMMER: Rowhammering Attacks on AMD Zen-based Platforms” from researchers at ETH Zurich. The research demonstrates...
Speculative Race Conditions (SRCs)
Bulletin ID: AMD-SB-7016 Potential Impact: Speculative Race Condition Severity: Varies by CVE, see descriptions below Summary Researchers from IBM Research Europe and Vrije Universiteit Amsterdam have published a paper titled “GhostRace: Exploiting and Mitigating Speculative Race Conditions.” AMD...
WebGPU Browser-based GPU Cache Side-Channel
Bulletin ID: AMD-SB-6011 Potential Impact: GPU Cache Attacks from the Browser Severity: Summary AMD is aware of a paper titled “Generic and Automated Drive-by GPU Cache Attacks from the Browser” being published by researchers from Graz University of Technology and The University of Rennes. AMD do...
SEV-SNP Firmware Vulnerabilities
Bulletin ID: AMD-SB-3007 Potential Impact: Data leakage CVE-2023-31346 and loss of integrity CVE-2023-31347 Severity: Refer to the CVE Details section Summary This bulletin addresses two SEV firmware vulnerabilities reported by an external researcher. Refer to the CVE Details section below. CVE...
AMD Embedded Processors Vulnerabilities – February 2024
Bulletin ID: AMD-SB-5001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Embedded processors were reported, and mitigations are being provided through Platform Initialization PI firmware packages. CVE...
AMD Processor Vulnerabilities
Bulletin ID: AMD-SB-7009 Potential Impact: Refer to the CVE Details section Severity: Refer to the CVE Details section Summary Researchers disclosed multiple potential vulnerabilities that may impact some AMD processors. AMD has assessed the researchers’ findings and is publishing CVEs and...
AMD UltraScale™/UltraScale+™ FPGA Series RSA Authentication
Bulletin ID: AMD-SB-8002 Potential Impact: Information Integrity Severity: Refer to the Summary section for details Summary Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams. CVE| Severity| CVE...
GPU Memory Leaks
Bulletin ID: AMD-SB-6010 Potential Impact: Data leakage Severity: Medium Summary Researchers from Trail of Bits reported a potential vulnerability, titled “LeftoverLocals.” According to their research, a compromised GPU kernel could potentially read local memory values from another kernel...
Debug Exception Delivery in Secure Nested Paging
Bulletin ID: AMD-SB-3006 Potential Impact: Suppression of guest debug exceptions Severity: Low Summary A researcher has reported that a host can potentially suppress delivery of debug exceptions to SEV-SNP guests that have the restricted injection feature enabled. For example, a software-based...
AMD Server Vulnerabilities – Nov 2023
Bulletin ID: AMD-SB-3002 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Unit SMU, AMD Secure Encrypted Virtualization SEV, AMD Secure Encrypted...
AMD INVD Instruction Security Notice
Bulletin ID: AMD-SB-3005 Potential Impact: Memory integrity Severity: Medium Summary External researchers reported a potential vulnerability with the INVD instruction that may lead to a loss of SEV-ES and SEV-SNP guest virtual machine VM memory integrity. CVE Details Refer to Glossary for...
AMD SMM Supervisor Vulnerability Security Notice
Bulletin ID: AMD-SB-7011 Potential Impact: Loss of confidentiality, integrity, and availability Severity: High Summary External researchers reported a potential vulnerability during SMM Supervisor initialization which may impact some AMD processors. On systems that do not have Supervisor Mode...
AMD Graphics Driver Vulnerabilities – November 2023
Bulletin ID: AMD-SB-6003 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary AMD received reports of vulnerabilities potentially affecting some AMD Graphics products. Refer to the CVE Details section for information about each CVE. CVE...
AMD Client Vulnerabilities – November 2023
Bulletin ID: AMD-SB-4002 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Secure Processor ASP, AMD System Management Unit SMU, and other platform components were reported, and mitigations are being...
AMD Radeon™ Graphics Kernel Driver Privilege Management Vulnerability
Bulletin ID: AMD-SB-6009 Potential Impact: Arbitrary code execution Severity: High Summary A potential vulnerability was reported in the AMD Radeon™ Software Adrenalin Edition and PRO Edition kernel pdfwkrnl.sys driver which may allow arbitrary code execution. Current AMD analysis shows the attac...
DXE Driver Memory Leaks
Bulletin ID: AMD-SB-4007 Potential Impact: Data Leakage Severity: Medium Summary Potential memory leak vulnerabilities in AMD Driver Execution Environment DXE driver. CVE Details Refer to Glossary for explanation of terms CVE| Severity| Description ---|---|--- CVE-2023-20594| Medium| Improper...
SMM Memory Corruption Vulnerability
Bulletin ID: AMD-SB-4003 Potential Impact: Arbitrary Code Execution Severity: High Summary SMM memory corruption vulnerability in SMM driver on some AMD Processors. CVE-2023-20555 Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an...
fTPM Voltage Fault Injection
Bulletin ID: AMD-SB-4005 Potential Impact: Arbitrary Code Execution Severity: High Summary CVE-2023-20589 Researchers at the Technische Universität Berlin have reported the use of voltage fault injection attacks on ASP secure boot targeting fTPM. An attacker with specialized hardware and physical...
OpenSSL Vulnerabilities
Bulletin ID: AMD-SB-7001 Potential Impact: Denial of Service, Remote Code Execution Severity: High Summary OpenSSL announced two high severity vulnerabilities affecting certain versions of their product. Currently, AMD believes potential impact is limited to the ReLive streaming feature which mak...
Return Address Security Bulletin
Bulletin ID: AMD-SB-7005 Potential Impact: Data Confidentiality Severity: Medium Summary AMD has received an external report titled ‘INCEPTION’, describing a new speculative side channel attack. The attack can result in speculative execution at an attacker-controlled address, potentially leading ...
Radeon™ Software Crimson ReLive Edition
Bulletin ID: AMD-SB-6007 Potential Impact: Escalation of Privilege Severity: High Summary Radeon™ Software Crimson ReLive Edition is an advanced graphics software designed for enabling high-performance gaming and engaging VR experiences. A potential vulnerability was reported in Radeon™ Software...
AMD Ryzen™ Master Security Bulletin
Bulletin ID: AMD-SB-7004 Potential Impact: Varies by CVE, see descriptions below Severity: V aries by CVE, see descriptions below Summary AMD Ryzen™ Master is a software tool that provides users access to advanced settings, such as clock and voltage settings, to control system performance in...
AMD μProf Security Bulletin
Bulletin ID: AMD-SB-7003 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary AMD μProf “MICRO-prof” is a software profiling analysis tool for x86 applications running on Windows, Linux and FreeBSD operating systems and provides event...
Speculative Leaks Security Notice
Bulletin ID: AMD-SB-7007 Potential Impact: Loss of Confidentiality Severity: Low Summary External researchers have reported that on some AMD processors a division-by-zero can potentially return speculative data. CVE Details Refer to Glossary for explanation of terms CVE| Severity| CVE Description...
Software based Power Side Channel on AMD CPUs
Bulletin ID: AMD-SB-7006 Potential Impact: Information disclosure Severity: Low Summary A potential leakage of data using software-based power side channels on AMD CPUs was reported to AMD. This issue has also been referred to as ‘Collide + Power’. CVE Details Refer to Glossary for explanation of...
Cross-Process Information Leak
Bulletin ID: AMD-SB-7008 Potential Impact: Information disclosure Severity: Medium Summary Under specific microarchitectural circumstances, a register in “Zen 2” CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which...
AMD SEV VM Power Side Channel Security Bulletin
Bulletin ID: AMD-SB-3004 Potential Impact: Information disclosure Severity: Low Summary Researchers have reported a potential power side-channel attack using the Running Average Power Limit RAPL interface on AMD SEV VMs. The researchers focused only on the first generation of AMD SEV technology a...