52 matches found
CVE-2021-26363
CVE-2021-26363 affects AMD ASP/SMU firmware where a malicious or compromised UApp or ABL could modify the ASP’s reserved DRAM value outside the fenced area, potentially exposing data. The vulnerability is documented in AMD SB-1027 with platform-specific mitigations (e.g., Raven Ridge AM4 family),...
CVE-2023-20598
The CVE concerns the AMD Radeon graphics driver where improper privilege management (insufficient access control) in IOCTL handling could allow an authenticated attacker to craft IOCTLs to access arbitrary hardware ports or physical addresses, potentially enabling arbitrary code execution. The is...
CVE-2021-26366
CVE-2021-26366 is documented by AMD in AMD-SB-1027 as a vulnerability where an attacker with elevated privileges could read data from Boot ROM, compromising system integrity. The AMD bulletin lists CVE-2021-26366 under desktop/mobile/server SKUs and ties it to AGESA PI firmware fixes. Mitigation:...
CVE-2021-26317
CVE-2021-26317: The AMD SMM protocol verification failure allows an attacker to take control of the SMM protocol and modify SPI flash, potentially enabling arbitrary code execution. Public documentation ties this to AMD’s SMM/ASP/SEV family and lists it among AMD client vulnerabilities with a hig...
CVE-2021-26362
Summary: CVE-2021-26362 describes a vulnerability in AMD System Management Unit (SMU) where a malicious or compromised UApp/ABL can issue a malformed system call to map sensitive SMN registers, potentially compromising integrity and availability. The CVE is associated with AMD platforms and is mi...
CVE-2020-12985
CVE-2020-12985 refers to an insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10, which may lead to escalation of privileges or a denial of service. Affected product: AMD Graphics Driver for Windows 10. Root cause: insufficient pointer validation in the driver. ...
CVE-2021-26361
The CVE-2021-26361 vulnerability affects AMD ASP/AGESA Boot Loader where a malicious or compromised UApp or ABL could exfiltrate arbitrary memory from the ASP stage 2 bootloader, leading to information disclosure. The issue is tied to the boot firmware stack (AGESA PI) across multiple AMD platfor...
CVE-2020-12930
CVE-2020-12930 is an AMD ASP/PSP driver vulnerability described as improper parameter handling that could allow a privileged attacker to elevate privileges, potentially compromising integrity. The AMD security bulletin AMD-SB-5001 maps this CVE to various AMD Embedded/ Ryzen platforms and provide...
CVE-2020-12981
CVE-2020-12981 affects AMD Graphics Driver for Windows 10. It stems from insufficient input validation in the driver, allowing unprivileged users to unload the driver and potentially cause memory corruption in high-privileged processes, leading to privilege escalation or denial of service. Remedi...
CVE-2021-26369
CVE-2021-26369 : AMD systems vulnerable when a malicious or compromised UApp or ABL sends a malformed system call to the bootloader, causing out-of-bounds memory accesses in the AMD System Management Unit/boot path. The AMD bulletin AMD-SB-1027 aggregates this with multiple platform family mitiga...
CVE-2021-26393
CVE-2021-26393 describes insufficient memory cleanup in the AMD Secure Processor (ASP) TEE, which could allow an authenticated user with privileges to generate a valid signed TA and potentially poison process memory, leading to confidentiality loss. The connected AMD security bulletin (AMD-SB-500...
CVE-2020-12982
CVE-2020-12982 is an issue in the AMD Graphics Driver for Windows 10 describing an invalid object pointer free vulnerability that could lead to privilege escalation or denial of service . The AMD security bulletin AMD-SB-1000 attributes this CVE to the AMD graphics stack and lists mitigations: Ra...
CVE-2020-12891
CVE-2020-12891 (AMD Radeon Software) vulnerability involves DLL hijacking via the DLL search path. An unprivileged user could drop a malicious DLL in any location on the PATH, potentially impacting AMD Radeon Software for Windows. Affected: AMD Radeon Software for Windows 10 and related AMD Graph...
CVE-2020-12902
AMD Graphics Driver for Windows 10 is affected by CVE-2020-12902, described as Arbitrary Decrement Privilege Escalation. The vulnerability is noted in multiple sources (NVD entry and Intel advisory) as a local-exploitation issue with potential for privilege escalation and denial of service. The A...
CVE-2020-12931
The CVE-2020-12931 issue affects the AMD Secure Processor (ASP) kernel, caused by improper parameter handling, enabling a privileged attacker to elevate privileges and potentially compromise integrity. AMD’s AMD-SB-5001 bulletin maps this vulnerability across ASP/PSP components (ASP kernel) and p...
CVE-2020-12983
CVE-2020-12983 : The AMD Graphics Driver for Windows 10 contains an out-of-bounds write vulnerability that may lead to privilege escalation or denial of service. AMD-SB-1000 details the affected products and mitigations, listing mitigated versions starting at 20.7.1+ for AMD Radeon Software (Ente...
CVE-2020-12986
CVE-2020-12986 is an AMD Graphics Driver for Windows 10 vulnerability described as an insufficient pointer validation issue that can enable arbitrary code execution in the kernel, causing privilege escalation or denial of service. The AMD Security Bulletin AMD-SB-1000 lists this CVE and notes mit...
CVE-2020-12980
CVE-2020-12980 is a vulnerability in the AMD Graphics Driver for Windows 10 described as an out-of-bounds write and read . The available connected documents confirm the affected component and the impact: potential for escalation of privilege or denial of service . The AMD security bulletin AMD-SB...
CVE-2020-12894
CVE-2020-12894 affects AMD Graphics Driver for Windows 10. Root cause: Arbitrary Write in Escape 0x40010d, potentially allowing arbitrary writes to kernel memory and denial of service. Mitigations are available: AMD bulletin AMD-SB-1000 lists mitigated versions (e.g., 20.7.1+ for AMD Radeon Softw...
CVE-2021-26392
CVE-2021-26392 involves insufficient verification of a missing size check in LoadModule, leading to an out-of-bounds write that could enable code execution in the OS/kernel via loading a malicious TA. AMD’s related bulletin (AMD-SB-5001) labels this CVE as Medium and provides mitigations through ...
CVE-2021-46748
CVE-2021-46748 involves insufficient bounds checking in the AMD Secure Processor (ASP), potentially allowing a local attacker to access memory outside the bounds allowed to a Trusted Application, causing a denial of service. Connected sources confirm impact on AMD graphics components and ASP inte...
CVE-2021-26360
CVE-2021-26360 describes a local-attack vulnerability in the AMD Secure Processor (ASP) where an attacker with local access can modify the security configuration of the SOC registers, potentially corrupting the ASP’s encrypted memory and enabling arbitrary code execution in the ASP environment. T...
CVE-2020-12987
CVE-2020-12987 is a vulnerability described as a heap information leak/kernel pool address disclosure in the AMD Graphics Driver for Windows 10, potentially enabling a KASLR bypass. The AMD bulletins and third-party references confirm the affected product: AMD Graphics Driver for Windows 10, with...
CVE-2021-26391
CVE-2021-26391 affects AMD firmware/TPM-like trust environment: insufficient verification of multiple header signatures when loading a Trusted Application (TA) may allow a privileged attacker to gain code execution in the TA or OS/kernel. AMD-SB-4001 lists this CVE as Medium severity and provides...
CVE-2020-12964
CVE-2020-12964 affects the AMD Radeon Kernel Driver Escape 0x2000c00 Call handler. A local attacker could escalate privileges, trigger a DoS via Windows BugCheck, or leak information. AMD’s bulletin AMD-SB-1000 associates mitigations with specific driver versions: AMD Radeon Software for Windows ...
CVE-2020-12900
CVE-2020-12900 is an arbitrary write vulnerability affecting the AMD Radeon Graphics Driver for Windows 10. The AMD Radeon Graphics Driver for Windows 10 is the affected product; the flaw potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service. According...
CVE-2021-26367
CVE-2021-26367 describes a vulnerability where an attacker with local access could cause a misconfiguration of the Trusted Memory Regions (TMRs) on AMD platforms with AMD Secure Processor (ASP). The root cause is misconfiguration of TMR address ranges, potentially enabling an attacker to set an a...
CVE-2020-12903
CVE-2020-12903 is an Out of Bounds Write and Read in the AMD Graphics Driver for Windows 10, specifically in Escape 0x6002d03, which may lead to escalation of privilege or denial of service. Affected product: AMD Graphics Driver for Windows 10. The AMD Security Bulletin AMD-SB-1000 documents this...
CVE-2020-12898
CVE-2020-12898 is a Stack Buffer Overflow in the AMD Graphics Driver for Windows 10. Affected: AMD Graphics Driver for Windows 10. Risk: escalation of privilege or denial of service (per NVD). Root cause: stack overflow in the driver’s code path. Mitigation: AMD bulletin AMD-SB-1000 lists CVE-202...
CVE-2020-12905
CVE-2020-12905 affects AMD Graphics Driver for Windows 10 (Escape 0x3004403) with an Out-of-Bounds Read that can lead to arbitrary information disclosure. Affected component is the AMD Graphics Driver; root cause is an out-of-bounds read in the Escape handling. The CVE is listed in multiple sourc...
CVE-2020-12962
CVE-2020-12962 affects the AMD Graphics Driver for Windows. Vulnerability: Escape call interface may lead to privilege escalation. Affected product: AMD Graphics Driver for Windows 10; root cause tied to Escape call interface handling. Impact: local privilege escalation with high CVSS v3.1 score ...
CVE-2023-31320
CVE-2023-31320 affects the AMD Radeon Graphics display driver. The root cause is improper input validation, which can allow an attacker to corrupt the display and potentially cause a denial of service. According to NVD, CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (base score 7.5, HIGH). AMD’s ...
CVE-2020-12895
Vulnerability CVE-2020-12895: Pool/Heap Overflow in AMD Graphics Driver for Windows 10 (Escape 0x110037) can lead to escalation of privilege, information disclosure, or denial of service. Affected product: AMD Graphics Driver for Windows 10. Root cause: heap/ pool overflow in Escape call handling...
CVE-2023-20567
The CVE-2023-20567 entry concerns the Radeon RX Vega M Graphics driver for Windows, with the root cause being improper signature verification in AMDSoftwareInstaller.exe. This vulnerability could allow an attacker with admin privileges to execute arbitrary code by launching the signed-update tool...
CVE-2024-21937
CVE-2024-21937 concerns the AMD HIP SDK installation directory where incorrect default ACL permissions are inherited from the parent folder. This could allow a local, low-privileged attacker to escalate privileges and potentially achieve arbitrary code execution. The AMD-SB-6015 bulletin document...
CVE-2020-12893
CVE-2020-12893 affects AMD Graphics Driver for Windows 10. The vendor data indicates a Stack Buffer Overflow in the driver’s Escape 0x15002a path, which may lead to escalation of privilege or denial of service. Affected product family is the AMD Graphics Driver for Windows 10; mitigation is avail...
CVE-2020-12897
CVE-2020-12897 affects AMD Graphics Driver for Windows 10. It describes a Kernel Pool Address disclosure that may lead to a KASLR bypass, enabling information disclosure and potential privilege escalation on a local system. The AMD bulletin AMD-SB-1000 documents mitigations and assigns patched ve...
CVE-2023-20568
CVE-2023-20568 involves improper signature verification in the Radeon RX Vega M Graphics driver for Windows, allowing an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature and potentially achieve arbitrary code execution. The issue affects Radeon RX...
CVE-2020-12904
CVE-2020-12904 affects AMD Graphics Driver for Windows 10. Issue: Out of Bounds Read in Escape 0x3004203, leading to potential information disclosure. Affected product: AMD Graphics Driver for Windows 10. Impact: partial information disclosure (per CVSS data: local, low to medium, confidentiality...
CVE-2020-12920
CVE-2020-12920 refers to a potential denial-of-service issue in the AMD Display/Graphics Driver when handling Escape 0x130007 calls, where a low-privilege local attacker could trigger a Windows BugCheck. The vulnerability affects AMD Graphics Driver for Windows 10 and is documented in AMD’s secur...
CVE-2020-12963
CVE-2020-12963 is an insufficent pointer validation vulnerability in the AMD Graphics Driver for Windows 10. It affects AMD Graphics Driver for Windows 10; unprivileged users could compromise the system. Mitigations: update to AMD Radeon Software / Enterprise Driver versions 20.11.2+ (and 21.Q1 E...
CVE-2020-12929
CVE-2020-12929 affects the AMD Graphics Driver for Windows 10. It is caused by improper parameter validation in some trusted PSP applications, enabling a local attacker to bypass security restrictions and achieve arbitrary code execution. According to AMD’s bulletin, this CVE is mitigated in Rade...
CVE-2023-20510
CVE-2023-20510 involves insufficient DRAM address validation in PMFW, allowing a privileged local attacker to read from an invalid DRAM address into SRAM, potentially causing data corruption or a denial of service. Affected component: PMFW; underlying cause: DRAM address validation flaw. The prov...
CVE-2020-12901
CVE-2020-12901 affects the AMD Graphics Driver for Windows 10, with the issue described as Arbitrary Free After Use that may lead to a KASLR bypass or information disclosure. Connected sources confirm the affected product (AMD Graphics Driver for Windows 10) and the underlying consequence. Mitiga...
CVE-2020-12892
CVE-2020-12892 is an AMD graphics driver vulnerability affecting Windows 10 AMD Radeon Software and Radeon Settings Installer. Root cause: an untrusted search path in the installer could allow privilege escalation or unauthorized code execution. Impact per sources: local privilege escalation with...
CVE-2020-12899
CVE-2020-12899 is an Arbitrary Read vulnerability in AMD Graphics Driver for Windows 10 that may enable KASLR bypass or denial of service. Connected sources confirm the AMD driver as affected and cite mitigations: AMD-SB-1000 lists updated driver versions (e.g., 20.11.2+ for some packages and 21....
CVE-2020-12960
CVE-2020-12960 affects AMD Graphics Driver for Windows 10, specifically the amdfender.sys component. The issue is an input validation fault in InputBuffer that may cause a denial of service. Affected product family is AMD Graphics Driver for Windows 10 (kernel/user-space interaction via amdfender...
CVE-2023-20586
CVE-2023-20586 affects Radeon Software Crimson ReLive Edition. The issue is an insufficient bounds check that may allow an out-of-bounds read via an IRP, potentially enabling privilege escalation. The AMD bulletin AMD-SB-6007 notes the software falls outside the security lifecycle and AMD does no...
CVE-2023-31307
CVE-2023-31307 involves improper validation of an array index in Power Management Firmware (PMFW), allowing a local, privileged attacker to trigger an out-of-bounds memory read and potentially cause a denial of service. The issue is documented across multiple sources, referencing PMFW as the vuln...
CVE-2023-20548
CVE-2023-20548 describes a TOCTOU race in the AMD Secure Processor (ASP) that could lead to memory corruption with impacts to integrity, confidentiality, and availability. Affected component is ASP; the underlying issue is a race condition between checks and usage that attackers could potentially...