Amd Security Vulnerabilities
Improper access control settings in ASPBootloader may allow an attacker to corrupt the return address causing astack-based buffer overrun potentially leading to arbitrary code execution.
9.8CVSS
9.6AI Score
0.003EPSS
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
5.7CVSS
6.1AI Score
0.0005EPSS
Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service.
7.5CVSS
7.5AI Score
0.001EPSS
TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service.
5.7CVSS
6.1AI Score
0.001EPSS
An attacker with a compromised ASP couldpossibly send malformed commands to an ASP on another CPU, resulting in an outof bounds write, potentially leading to a loss a loss of integrity.
7.5CVSS
8AI Score
0.001EPSS
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.
6.5CVSS
6.6AI Score
0.001EPSS
Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
4.6CVSS
5.9AI Score
0.001EPSS
Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.
6.5CVSS
6.7AI Score
0.001EPSS
Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.
2.4CVSS
4.6AI Score
0.0005EPSS
Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.
7.5CVSS
7.5AI Score
0.001EPSS
Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.
7.5CVSS
7.6AI Score
0.001EPSS
Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.
7.5CVSS
7.5AI Score
0.001EPSS
Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.
5.3CVSS
5.9AI Score
0.001EPSS
Insufficient DRAM address validation in SystemManagement Unit (SMU) may allow an attacker to read/write from/to an invalidDRAM address, potentially resulting in denial-of-service.
7.5CVSS
7.5AI Score
0.001EPSS
Insufficient input validation inCpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwritingan arbitrary bit in an attacker-controlled pointer potentially leading toarbitrary code execution in SMM.
7.8CVSS
7.7AI Score
0.0004EPSS
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.
5.5CVSS
5.8AI Score
0.0004EPSS
Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.
8.8CVSS
8.6AI Score
0.001EPSS
Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.
8.8CVSS
8.6AI Score
0.001EPSS
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service.
4.4CVSS
4.9AI Score
0.0004EPSS
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.
5.5CVSS
5.7AI Score
0.0004EPSS
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.
7.8CVSS
7.4AI Score
0.0004EPSS
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.
7.8CVSS
8.7AI Score
0.0004EPSS
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution.
6.7CVSS
6.4AI Score
0.0004EPSS
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.
7.8CVSS
8.7AI Score
0.0004EPSS
Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
7.5CVSS
7.1AI Score
0.0005EPSS
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
6.7CVSS
7AI Score
0.0004EPSS
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
6.7CVSS
7AI Score
0.0004EPSS
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
4.7CVSS
6.6AI Score
0.0004EPSS
A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.
8.1CVSS
6.8AI Score
0.001EPSS
A privileged attackercan prevent delivery of debug exceptions to SEV-SNP guests potentiallyresulting in guests not receiving expected debug information.
3.2CVSS
4AI Score
0.0004EPSS
A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.
6.5CVSS
6.3AI Score
0.001EPSS
A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations
9.8CVSS
9.5AI Score
0.001EPSS
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
5.5CVSS
6.7AI Score
0.001EPSS
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.
6.8CVSS
6.7AI Score
0.001EPSS
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
6.5CVSS
6.5AI Score
0.0005EPSS
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
5.5CVSS
6.9AI Score
0.001EPSS
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
4.4CVSS
4.5AI Score
0.0004EPSS
Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.
9.8CVSS
9.6AI Score
0.001EPSS
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
5.5CVSS
5AI Score
0.0004EPSS
An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.
7.8CVSS
7.6AI Score
0.0004EPSS
Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.
7.5CVSS
7.3AI Score
0.0005EPSS
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately...
5.3CVSS
5.3AI Score
0.001EPSS
A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called local memory on various architectures.
6.5CVSS
6.2AI Score
0.001EPSS