Skip to main content

CWE-1262

Improper Access Control for Register Interface

7 CVEs Avg CVSS 5.8 MITRE
0
CRITICAL
3
HIGH
3
MEDIUM
1
LOW
0
POC
0
KEV

Monthly

CVE-2025-54509 MEDIUM This Month

Improper access control in the IOMMU register interface on AMD EPYC server processors allows a high-privileged local attacker to induce non-coherent memory accesses by the AMD Secure Processor (ASP), resulting in loss of system integrity beyond the directly compromised component. Affected processor families span EPYC 8004, 9004, and 9005 series - including embedded variants - covering AMD's current-generation server and embedded datacenter platforms. No public exploit code and no CISA KEV listing exist at time of analysis, but the elevated subsequent integrity impact (SI:H in CVSS 4.0) signals meaningful security boundary degradation, particularly relevant for confidential computing and virtualized environments where ASP integrity is foundational.

Information Disclosure Amd Amd Epyc 9004 Series Processors Amd Epyc 9005 Series Processors Amd Epyc 8004 Series Processors +4
NVD
CVSS 4.0
4.0
EPSS
0.0%
CVE-2025-47385 HIGH This Week

Memory Corruption when accessing trusted execution environment without proper privilege check. [CVSS 7.8 HIGH]

Memory Corruption Wsa8845 Firmware Sar1165p Firmware Lemansau Firmware Qca9377 Firmware +87
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-36194 LOW Monitor

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations. [CVSS 2.8 LOW]

IBM
NVD
CVSS 3.1
2.8
EPSS
0.0%
CVE-2025-20788 MEDIUM This Month

In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117735; Issue ID: MSV-4539.

Denial Of Service Buffer Overflow Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2023-20599 HIGH This Week

CVE-2023-20599 is an improper register access control vulnerability in AMD's ASP (AMD Secure Processor) that allows a privileged local attacker to gain unauthorized access to the Crypto Co-Processor (CCP) registers, potentially compromising cryptographic key management and leading to loss of confidentiality or integrity. The vulnerability affects AMD EPYC and Ryzen processors with ASP implementations. While the CVSS score of 7.9 indicates high severity, exploitation requires high privilege level (PR:H) and local access (AV:L), limiting real-world attack surface; however, this is an actively tracked vulnerability relevant to data center and workstation security.

Privilege Escalation Information Disclosure
NVD
CVSS 3.1
7.9
EPSS
0.0%
CVE-2024-45556 MEDIUM This Month

Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fastconnect 6900 Firmware Fastconnect 7800 Firmware Immersive Home 3210 Platform Firmware Immersive Home 326 Platform Firmware +56
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-6354 HIGH This Week

Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Remote Desktop Manager
NVD
CVSS 3.1
7.2
EPSS
0.8%
EPSS 0% CVSS 4.0
MEDIUM This Month

Improper access control in the IOMMU register interface on AMD EPYC server processors allows a high-privileged local attacker to induce non-coherent memory accesses by the AMD Secure Processor (ASP), resulting in loss of system integrity beyond the directly compromised component. Affected processor families span EPYC 8004, 9004, and 9005 series - including embedded variants - covering AMD's current-generation server and embedded datacenter platforms. No public exploit code and no CISA KEV listing exist at time of analysis, but the elevated subsequent integrity impact (SI:H in CVSS 4.0) signals meaningful security boundary degradation, particularly relevant for confidential computing and virtualized environments where ASP integrity is foundational.

Information Disclosure Amd Amd Epyc 9004 Series Processors +6
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory Corruption when accessing trusted execution environment without proper privilege check. [CVSS 7.8 HIGH]

Memory Corruption Wsa8845 Firmware Sar1165p Firmware +89
NVD
EPSS 0% CVSS 2.8
LOW Monitor

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations. [CVSS 2.8 LOW]

IBM
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117735; Issue ID: MSV-4539.

Denial Of Service Buffer Overflow Android +1
NVD
EPSS 0% CVSS 7.9
HIGH This Week

CVE-2023-20599 is an improper register access control vulnerability in AMD's ASP (AMD Secure Processor) that allows a privileged local attacker to gain unauthorized access to the Crypto Co-Processor (CCP) registers, potentially compromising cryptographic key management and leading to loss of confidentiality or integrity. The vulnerability affects AMD EPYC and Ryzen processors with ASP implementations. While the CVSS score of 7.9 indicates high severity, exploitation requires high privilege level (PR:H) and local access (AV:L), limiting real-world attack surface; however, this is an actively tracked vulnerability relevant to data center and workstation security.

Privilege Escalation Information Disclosure
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fastconnect 6900 Firmware Fastconnect 7800 Firmware +58
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Remote Desktop Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy