Skip to main content

Amd

459 CVEs vendor

Monthly

CVE-2023-20560 MEDIUM This Month

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Amd Denial Of Service Microsoft Ryzen Master Ryzen Master Monitoring Sdk
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-20588 MEDIUM This Month

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Debian Linux Epyc 7351P Firmware Epyc 7401P Firmware +44
NVD
CVSS 3.1
5.5
EPSS
12.4%
CVE-2023-20586 CRITICAL Act Now

A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Amd Privilege Escalation Radeon Software
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-20569 MEDIUM POC This Month

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Amd Information Disclosure Fedora Debian Linux Ryzen 9 5950X Firmware +152
NVD
CVSS 3.1
4.7
EPSS
6.2%
CVE-2023-20562 HIGH PATCH This Week

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Amd Information Disclosure Amd Uprof
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-20561 MEDIUM PATCH This Month

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Denial Of Service Microsoft Amd Uprof
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-20556 MEDIUM PATCH This Month

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Denial Of Service Microsoft Amd Uprof
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-20583 MEDIUM This Month

A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially. Rated medium severity (CVSS 4.7). No vendor patch available.

Amd Information Disclosure
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-20575 MEDIUM This Month

A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Amd Information Disclosure Epyc 7251 Firmware Epyc 7281 Firmware Epyc 7301 Firmware +85
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-3357 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-27672 MEDIUM This Month

When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. Rated medium severity (CVSS 4.7). No vendor patch available.

Amd Information Disclosure Athlon X4 750 Firmware Athlon X4 760K Firmware Athlon X4 830 Firmware +162
NVD VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-1048 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Amd Information Disclosure Dram Calculator For Ryzen
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-3108 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.16-rc6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Amd Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-29277 HIGH This Week

Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Memory Corruption Amd Buffer Overflow Genoa Firmware +38
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-27674 HIGH This Week

Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Amd Microsoft Denial Of Service Amd Uprof
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-27673 HIGH This Week

Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Amd Authentication Bypass Google Amd Link
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-23831 HIGH This Week

Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Amd Microsoft Denial Of Service Amd Uprof
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-3344 MEDIUM PATCH This Month

A flaw was found in the KVM's AMD nested virtualization (SVM). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Amd Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-0171 MEDIUM PATCH This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Amd Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-23825 MEDIUM This Month

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Debian Linux Fedora Athlon X4 750 Firmware +123
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-23823 MEDIUM This Month

A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Amd Information Disclosure Athlon X4 750 Firmware Athlon X4 760K Firmware Athlon X4 830 Firmware +139
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-26361 HIGH PATCH This Week

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Amd Buffer Overflow Xen Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-26360 HIGH PATCH This Week

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Amd Buffer Overflow Xen Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-26359 HIGH PATCH This Week

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Amd Buffer Overflow Xen Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-26358 HIGH PATCH This Week

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Amd Buffer Overflow Xen Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26334 CRITICAL Act Now

The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Amd Privilege Escalation Authentication Bypass Amd Uprof
NVD
CVSS 3.1
9.9
EPSS
1.2%
CVE-2021-26335 HIGH This Week

Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Epyc 7003 Firmware Epyc 7002 Firmware Epyc 7001 Firmware +55
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26331 HIGH This Week

AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Epyc 7003 Firmware Epyc 7002 Firmware Epyc 7001 Firmware +55
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26330 MEDIUM This Month

AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Amd Epyc 7003 Firmware Epyc 7002 Firmware +56
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-26320 MEDIUM This Month

Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Denial Of Service Epyc 7601 Firmware Epyc 7551P Firmware Epyc 7551 Firmware +54
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-26315 HIGH This Week

When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Epyc 7003 Firmware Epyc 72F3 Firmware Epyc 7313 Firmware +17
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-26329 MEDIUM This Month

AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Amd Epyc 7601 Firmware Epyc 7551P Firmware Epyc 7551 Firmware +54
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-42327 MEDIUM This Month

dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Amd Memory Corruption Linux Kernel +9
NVD
CVSS 3.1
6.7
EPSS
0.8%
CVE-2021-26318 MEDIUM This Month

A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information. Rated medium severity (CVSS 4.7). No vendor patch available.

Amd Information Disclosure Athlon Firmware Athlon Pro Firmware Epyc Firmware +2
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2021-3653 HIGH POC PATCH This Week

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Amd Information Disclosure Authentication Bypass Linux Kernel +2
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-26333 MEDIUM This Month

An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Chipset Driver Psp Driver
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-28696 MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Amd Authentication Bypass Xen Fedora +1
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-28695 MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Amd Xen Fedora +1
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-28694 MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Amd Xen Fedora +1
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-29657 HIGH POC PATCH This Week

arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available.

Linux Amd Authentication Bypass Linux Kernel
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2021-28692 HIGH This Week

inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Amd Xen
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-26311 HIGH This Week

In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Amd Command Injection RCE Epyc 7232P Epyc 7251 +63
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2021-22986 CRITICAL POC KEV THREAT Emergency

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Amd SSRF Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall +12
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.9%
CVE-2020-12927 HIGH This Week

A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Amd Vbios Flash Tool Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12926 MEDIUM This Month

The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Amd Trusted Platform Modules Reference
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2020-12912 MEDIUM This Month

A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Energy Driver For Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-27670 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU. Rated high severity (CVSS 7.8).

Denial Of Service Amd Xen Leap Fedora +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12933 MEDIUM PATCH This Month

A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Microsoft Buffer Overflow Amd Information Disclosure +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-12928 HIGH PATCH This Week

A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Amd Ryzen Master
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-12911 MEDIUM PATCH This Month

A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Amd Information Disclosure Atikmdag Sys
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-25602 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Intel Amd Xen Fedora +2
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2020-25596 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Amd Xen Fedora +2
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-6103 CRITICAL POC Act Now

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Amd Radeon Directx 11 Driver Atidxx64 Dll
NVD
CVSS 3.1
9.9
EPSS
2.8%
CVE-2020-6102 CRITICAL POC Act Now

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Amd Radeon Directx 11 Driver Atidxx64 Dll
NVD
CVSS 3.1
9.9
EPSS
2.8%
CVE-2020-6101 CRITICAL POC Act Now

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Amd Radeon Directx 11 Driver Atidxx64 Dll
NVD
CVSS 3.1
9.9
EPSS
2.8%
CVE-2020-6100 CRITICAL POC Act Now

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Amd VMware Radeon Directx 11 Driver Atidxx64 Dll
NVD
CVSS 3.1
9.9
EPSS
2.1%
CVE-2020-1643 MEDIUM This Month

Execution of the "show ospf interface extensive" or "show ospf interface detail" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Juniper Amd Junos
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-15567 HIGH PATCH This Week

An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. Rated high severity (CVSS 7.8).

Denial Of Service Race Condition Privilege Escalation Intel Amd +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-15565 HIGH PATCH This Week

An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Privilege Escalation Denial Of Service Intel Amd Xen +3
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-12138 HIGH POC This Week

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Amd Atillk64
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-8950 HIGH POC This Week

The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Amd Information Disclosure User Experience Program
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-19583 HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Intel Amd Xen Fedora +2
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-19577 HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Privilege Escalation Denial Of Service Intel Amd Xen +1
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2019-5098 HIGH POC This Week

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Amd VMware Information Disclosure Workstation +2
NVD
CVSS 3.1
8.6
EPSS
2.0%
CVE-2019-19083 MEDIUM PATCH This Month

Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). Rated medium severity (CVSS 4.7).

Denial Of Service Linux Amd Linux Kernel Ubuntu Linux +1
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2019-19082 MEDIUM PATCH This Month

Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). Rated medium severity (CVSS 4.7).

Denial Of Service Linux Amd Linux Kernel Ubuntu Linux +1
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2019-19067 MEDIUM PATCH This Month

Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Linux Amd Linux Kernel Ubuntu Linux +1
NVD GitHub
CVSS 3.1
4.4
EPSS
0.5%
CVE-2019-5049 CRITICAL Act Now

An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow VMware Amd Memory Corruption Radeon Rx 550 Firmware +2
NVD
CVSS 3.1
10.0
EPSS
2.0%
CVE-2019-16229 MEDIUM PATCH This Month

drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Rated medium severity (CVSS 4.1).

Null Pointer Dereference Denial Of Service Linux Amd Linux Kernel +2
NVD
CVSS 3.1
4.1
EPSS
0.4%
CVE-2019-1125 MEDIUM POC PATCH This Month

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. Rated medium severity (CVSS 5.6).

Microsoft Information Disclosure Amd Intel Windows 10 +14
NVD Exploit-DB
CVSS 3.1
5.6
EPSS
4.5%
CVE-2019-9836 MEDIUM This Month

Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Amd Secure Encrypted Virtualization Firmware Leap
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2018-19962 HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones. Rated high severity (CVSS 7.8). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Amd Information Disclosure Xen Debian Linux Xenserver
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-19961 HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes. Rated high severity (CVSS 7.8).

Amd Information Disclosure Xen Debian Linux Xenserver
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-4253 MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Amd Denial Of Service Information Disclosure Apple +1
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-6547 CRITICAL Act Now

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Amd Plays Tv
NVD
CVSS 3.0
9.1
EPSS
1.1%
CVE-2018-6546 CRITICAL POC THREAT Act Now

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local or SMB) path as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Amd Plays Tv
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
18.1%
CVE-2018-1429 MEDIUM PATCH This Month

IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Amd XSS IBM Mq Appliance
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2018-8936 CRITICAL Act Now

The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Amd Ryzen Mobile Firmware Ryzen Pro Firmware Epyc Server Firmware +1
NVD
CVSS 3.0
9.0
EPSS
1.8%
CVE-2018-8935 CRITICAL Act Now

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Pro Firmware Ryzen Firmware
NVD
CVSS 3.0
9.0
EPSS
1.8%
CVE-2018-8934 CRITICAL Act Now

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Pro Firmware Ryzen Firmware
NVD
CVSS 3.0
9.0
EPSS
1.8%
CVE-2018-8933 CRITICAL Act Now

The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Epyc Server Firmware
NVD
CVSS 3.0
9.0
EPSS
1.7%
CVE-2018-8932 CRITICAL Act Now

The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Pro Firmware Ryzen Firmware
NVD
CVSS 3.0
9.0
EPSS
1.7%
CVE-2018-8931 CRITICAL Act Now

The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Mobile Firmware Ryzen Pro Firmware Ryzen Firmware
NVD
CVSS 3.0
9.0
EPSS
1.7%
CVE-2018-8930 CRITICAL Act Now

The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Mobile Firmware Ryzen Pro Firmware Epyc Server Firmware +1
NVD
CVSS 3.0
9.0
EPSS
1.8%
CVE-2017-3736 MEDIUM PATCH This Month

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Intel Amd OpenSSL Information Disclosure
NVD GitHub
CVSS 3.0
6.5
EPSS
8.5%
CVE-2017-14431 MEDIUM PATCH This Month

Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Amd Xen
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-7724 HIGH POC This Week

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Amd Information Disclosure Fglrx Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-7723 HIGH POC This Week

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Amd Information Disclosure Fglrx Driver
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7262 MEDIUM This Month

The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Amd Ryzen
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-5926 HIGH POC This Week

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Amd Information Disclosure A64 Athlon Ii 640 X4 E 350 +17
NVD
CVSS 3.0
7.5
EPSS
0.4%
EPSS 0% CVSS 4.4
MEDIUM This Month

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Amd Denial Of Service Microsoft +2
NVD
EPSS 12% CVSS 5.5
MEDIUM This Month

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Debian Linux +46
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Amd Privilege Escalation Radeon Software
NVD
EPSS 6% CVSS 4.7
MEDIUM POC This Month

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Amd Information Disclosure Fedora +154
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Amd Information Disclosure Amd Uprof
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Denial Of Service Microsoft +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Denial Of Service Microsoft +1
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially. Rated medium severity (CVSS 4.7). No vendor patch available.

Amd Information Disclosure
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Amd Information Disclosure Epyc 7251 Firmware +87
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Denial Of Service Null Pointer Dereference +2
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. Rated medium severity (CVSS 4.7). No vendor patch available.

Amd Information Disclosure Athlon X4 750 Firmware +164
NVD VulDB
EPSS 1% CVSS 7.8
HIGH POC This Week

A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Amd Information Disclosure Dram Calculator For Ryzen
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.16-rc6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Amd +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Memory Corruption Amd +40
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Amd Microsoft Denial Of Service +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Amd Authentication Bypass +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Amd Microsoft Denial Of Service +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the KVM's AMD nested virtualization (SVM). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Amd Linux Kernel
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Amd +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Debian Linux +125
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Amd Information Disclosure Athlon X4 750 Firmware +141
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Amd Buffer Overflow +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Amd Buffer Overflow +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Amd Buffer Overflow +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Amd Buffer Overflow +3
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Amd Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Epyc 7003 Firmware +57
NVD
EPSS 0% CVSS 7.8
HIGH This Week

AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Epyc 7003 Firmware +57
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Amd +58
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Denial Of Service Epyc 7601 Firmware +56
NVD
EPSS 0% CVSS 7.8
HIGH This Week

When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Epyc 7003 Firmware +19
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Amd Epyc 7601 Firmware +56
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Amd +11
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information. Rated medium severity (CVSS 4.7). No vendor patch available.

Amd Information Disclosure Athlon Firmware +4
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Amd Information Disclosure +4
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Chipset Driver +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Amd Authentication Bypass +3
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Amd +3
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Amd +3
NVD
EPSS 0% CVSS 7.4
HIGH POC PATCH This Week

arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available.

Linux Amd Authentication Bypass +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Amd +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Amd Command Injection RCE +65
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Amd SSRF Big Ip Access Policy Manager +14
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Amd Vbios Flash Tool Software Development Kit
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Amd Trusted Platform Modules Reference
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Energy Driver For Linux
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU. Rated high severity (CVSS 7.8).

Denial Of Service Amd Xen +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Microsoft Buffer Overflow +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Amd Ryzen Master
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Amd +2
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Intel Amd +4
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Amd +4
NVD
EPSS 3% CVSS 9.9
CRITICAL POC Act Now

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption +2
NVD
EPSS 3% CVSS 9.9
CRITICAL POC Act Now

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption +2
NVD
EPSS 3% CVSS 9.9
CRITICAL POC Act Now

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption +2
NVD
EPSS 2% CVSS 9.9
CRITICAL POC Act Now

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Amd +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Execution of the "show ospf interface extensive" or "show ospf interface detail" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Juniper +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. Rated high severity (CVSS 7.8).

Denial Of Service Race Condition Privilege Escalation +6
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Privilege Escalation Denial Of Service Intel +5
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Amd Atillk64
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Amd Information Disclosure +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Intel Amd +4
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Privilege Escalation Denial Of Service Intel +3
NVD
EPSS 2% CVSS 8.6
HIGH POC This Week

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Amd VMware +4
NVD
EPSS 1% CVSS 4.7
MEDIUM PATCH This Month

Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). Rated medium severity (CVSS 4.7).

Denial Of Service Linux Amd +3
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). Rated medium severity (CVSS 4.7).

Denial Of Service Linux Amd +3
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Linux Amd +3
NVD GitHub
EPSS 2% CVSS 10.0
CRITICAL Act Now

An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow VMware Amd +4
NVD
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Rated medium severity (CVSS 4.1).

Null Pointer Dereference Denial Of Service Linux +4
NVD
EPSS 5% CVSS 5.6
MEDIUM POC PATCH This Month

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. Rated medium severity (CVSS 5.6).

Microsoft Information Disclosure Amd +16
NVD Exploit-DB
EPSS 2% CVSS 5.3
MEDIUM This Month

Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Amd Secure Encrypted Virtualization Firmware +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones. Rated high severity (CVSS 7.8). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Amd Information Disclosure Xen +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes. Rated high severity (CVSS 7.8).

Amd Information Disclosure Xen +2
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

An issue was discovered in certain Apple products. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Amd Denial Of Service +3
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Amd Plays Tv
NVD
EPSS 18% CVSS 9.8
CRITICAL POC THREAT Act Now

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local or SMB) path as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Amd Plays Tv
NVD GitHub Exploit-DB
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Amd XSS IBM +1
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Amd Ryzen Mobile Firmware +3
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Pro Firmware +1
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Pro Firmware +1
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Epyc Server Firmware
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Pro Firmware +1
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Mobile Firmware +2
NVD
EPSS 2% CVSS 9.0
CRITICAL Act Now

The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Mobile Firmware +3
NVD
EPSS 8% CVSS 6.5
MEDIUM PATCH This Month

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Intel Amd OpenSSL +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Amd Xen
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Amd Information Disclosure Fglrx Driver
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Amd Information Disclosure Fglrx Driver
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Amd Ryzen
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Amd Information Disclosure A64 +19
NVD
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy