119
CVEs
1
Critical
43
High
0
KEV
0
PoC
28
Unpatched C/H
56.3%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
1
HIGH
43
MEDIUM
65
LOW
4
Monthly CVE Trend
Affected Products (30)
Linux Kernel
226
Debian Linux
35
Xen
29
Fedora
19
Epyc 7401 Firmware
10
Epyc 7281 Firmware
10
Epyc 7351P Firmware
10
Epyc 7351 Firmware
10
Epyc 7662 Firmware
10
Epyc 7601 Firmware
10
Epyc 7532 Firmware
10
Epyc 7452 Firmware
10
Epyc 7542 Firmware
10
Epyc 7451 Firmware
10
Epyc 7301 Firmware
10
Epyc 7402P Firmware
10
Epyc 7F32 Firmware
10
Epyc 7502 Firmware
10
Epyc 7302P Firmware
10
Epyc 7502P Firmware
10
Epyc 7251 Firmware
10
Epyc 7F72 Firmware
10
Epyc 7402 Firmware
10
Epyc 7272 Firmware
10
Epyc 7352 Firmware
10
Epyc 7262 Firmware
10
Leap
10
Epyc 7551 Firmware
10
Epyc 7702 Firmware
10
Epyc 7F52 Firmware
10
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-0481 | Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to t | CRITICAL | 9.2 | 0.2% | 46 |
No patch
|
| CVE-2026-53053 | Improper DMA-alias handling in the Linux kernel's AMD IOMMU driver lets a stale or incorrect Device Table Entry (DTE) be propagated to an alias PCI device, weakening the DMA isolation the IOMMU is meant to enforce. The flaw affects systems on AMD platforms where pci_for_each_dma_alias() supplies an alias-rather than the original-device to clone_alias(), causing the wrong source devid to be used when copying the DTE. EPSS is low (0.17%, 6th percentile) and there is no public exploit identified at time of analysis. | HIGH | 8.8 | 0.2% | 44 |
|
| CVE-2026-46174 | Local privilege escalation and information disclosure in the Linux kernel on AMD Zen2 CPUs allows low-privileged users to trigger instruction corruption via improper isolation of shared resources in the op cache. Affecting kernels prior to 5.10.256, 5.15.207, 6.1.173, 6.6.139, 6.12.88, 6.18.30, and 7.0.7, the flaw carries a CVSS 8.8 due to scope change (S:C) impacting confidentiality, integrity, and availability beyond the original security boundary. EPSS is very low (0.02%, 7th percentile) and no public exploit identified at time of analysis, but the architectural nature of the bug (CPU op cache sharing) makes it relevant for multi-tenant and virtualization workloads. | HIGH | 8.8 | 0.0% | 44 |
|
| CVE-2023-31317 | Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in. Rated high severity (CVSS 8.8). No vendor patch available. | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2024-21962 | Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available. | HIGH | 8.6 | 0.0% | 43 |
No patch
|
| CVE-2025-54517 | Buffer overflow in AMD GPU driver IOCTL handler enables local privilege escalation to root on Linux systems running AMD Instinct or Radeon Pro GPUs. Authenticated local users with low privileges can exploit an out-of-bounds write vulnerability in the AMDGV_CMD_GET_DIAG_DATA IOCTL to achieve arbitrary kernel code execution. EPSS data not available; no public exploit or CISA KEV listing identified at time of analysis, suggesting limited active exploitation despite high CVSS 8.5 severity. | HIGH | 8.5 | 0.0% | 43 |
No patch
|
| CVE-2025-48519 | Out-of-bounds read/write in AMD Platform Management Framework (PMF) driver allows local authenticated users to escalate privileges on Ryzen 6000/7000/8000 series processors. AMD has released patched chipset software version 7.06.02.123 addressing the improper input validation vulnerability. No public exploit code identified and CISA has not added this to KEV, indicating exploitation is not yet confirmed in real-world attacks despite the high CVSS score. Attackers must already have local system access with standard user privileges to exploit this vulnerability. | HIGH | 8.5 | 0.0% | 43 |
No patch
|
| CVE-2025-52540 | Out-of-bounds write in the AMD Platform Management Framework (PMF) Driver enables local authenticated users to escalate privileges on AMD Ryzen 6000/7000/8000 series processors. The vulnerability stems from improper input validation (CWE-787) allowing memory corruption beyond allocated buffer boundaries. Exploitation requires low-privilege local access with low attack complexity (CVSS 4.0: AV:L/AC:L/PR:L), making this a realistic post-compromise escalation vector. AMD released chipset driver version 7.06.02.123 addressing all affected Ryzen series. No public exploit or active exploitation confirmed at time of analysis. | HIGH | 8.5 | 0.0% | 43 |
No patch
|
| CVE-2025-61972 | Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, | HIGH | 8.5 | 0.0% | 43 |
No patch
|
| CVE-2026-0432 | Insecure installation directory permissions in AMD chipset driver allow local authenticated attackers to achieve SYSTEM-level privilege escalation and execute arbitrary code. The vulnerability affects nearly all AMD Ryzen, Threadripper, EPYC, and Athlon processors across desktop, mobile, embedded, and server product lines. AMD has released patched chipset driver versions 8.01.20.513 (consumer/workstation) and 8.03.14.329/8.03.16.641 (server). No active exploitation confirmed at time of analysis, but the local vector and low attack complexity make this exploitable by any authenticated Windows user, including standard users without admin rights. | HIGH | 8.5 | 0.0% | 43 |
No patch
|
| CVE-2025-29936 | Local privilege escalation in AMD Platform Management Framework (PMF) allows authenticated attackers with low privileges to unmap arbitrary memory pages, potentially executing code with elevated privileges or triggering system crashes. Affects modern AMD Ryzen mobile processors across multiple generations (6000/7000/8000/AI 300 series, embedded variants). The vulnerability enables both horizontal escalation (confidentiality compromise via changed scope in CVSS 4.0) and vertical impact (integrity/availability degradation). No evidence of active exploitation (not in CISA KEV), but the local attack vector with low complexity makes this exploitable by malware or malicious insiders once system access is obtained. EPSS data not available for risk calibration. | HIGH | 8.4 | 0.0% | 42 |
No patch
|
| CVE-2025-29935 | Local privilege escalation in AMD Platform Management Framework (PMF) allows authenticated attackers with low privileges to execute arbitrary code with elevated system privileges through an out-of-bounds write vulnerability. Affects multiple AMD Ryzen processor series (6000, 7035, 7040, 8040, and Embedded R8000) across mobile and embedded platforms. The CVSS 4.0 score of 8.4 reflects high impact to system integrity and availability with changed scope, indicating the attacker can escape the vulnerable component's security context. No active exploitation confirmed in CISA KEV at time of analysis, and public exploit code availability is not indicated in current intelligence. | HIGH | 8.4 | 0.0% | 42 |
No patch
|
| CVE-2025-0028 | Local attackers with low-privilege credentials can exploit unchecked return value handling in AMD Platform Management Framework (PMF) to read or write arbitrary memory addresses across multiple AMD Ryzen processor families (6000, 7000, 8000 series). This CWE-252 flaw enables privilege escalation to kernel level, compromising system confidentiality and availability with high impact across both virtualized and physical contexts. AMD has released security bulletin AMD-SB-4015 addressing the vulnerability. No CISA KEV listing or public exploit code has been identified at time of analysis, but the low attack complexity (AC:L) and local privilege requirement (PR:L) suggest exploitation is technically straightforward for attackers with initial system access. | HIGH | 8.3 | 0.0% | 42 |
No patch
|
| CVE-2026-33941 | The Handlebars npm package precompiler (bin/handlebars) allows arbitrary JavaScript injection through unsanitized string concatenation in four distinct code paths: template filenames, namespace option (-n), CommonJS path option (-c), and AMD path option (-h). Attackers who can control template filenames or CLI arguments can inject code that executes when the generated JavaScript bundle is loaded in Node.js or browser environments. Publicly available exploit code exists with multiple proof-of-concept vectors demonstrated, including file system manipulation via require('fs'). CVSS 8.3 reflects local attack vector requiring low privileges and user interaction, with changed scope allowing high confidentiality, integrity, and availability impact. | HIGH | 8.2 | 0.0% | 41 |
|
| CVE-2021-26383 | Insufficient bounds checking in AMD TEE (Trusted Execution Environment) could allow an attacker with a compromised userspace to invoke a command with malformed arguments leading to out of bounds. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available. | HIGH | 7.9 | 0.0% | 40 |
No patch
|