73
CVEs
1
Critical
29
High
0
KEV
0
PoC
18
Unpatched C/H
58.9%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
1
HIGH
29
MEDIUM
38
LOW
1
Monthly CVE Trend
Affected Products (30)
Linux Kernel
226
Debian Linux
35
Xen
29
Fedora
19
Epyc 7401 Firmware
10
Epyc 7281 Firmware
10
Epyc 7351P Firmware
10
Epyc 7351 Firmware
10
Epyc 7662 Firmware
10
Epyc 7601 Firmware
10
Epyc 7532 Firmware
10
Epyc 7452 Firmware
10
Epyc 7542 Firmware
10
Epyc 7451 Firmware
10
Epyc 7301 Firmware
10
Epyc 7402P Firmware
10
Epyc 7F32 Firmware
10
Epyc 7502 Firmware
10
Epyc 7302P Firmware
10
Epyc 7502P Firmware
10
Epyc 7251 Firmware
10
Epyc 7F72 Firmware
10
Epyc 7402 Firmware
10
Epyc 7272 Firmware
10
Epyc 7352 Firmware
10
Epyc 7262 Firmware
10
Leap
10
Epyc 7551 Firmware
10
Epyc 7702 Firmware
10
Epyc 7F52 Firmware
10
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-0481 | Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to t | CRITICAL | 9.2 | 0.2% | 46 |
No patch
|
| CVE-2026-53053 | Improper DMA-alias handling in the Linux kernel's AMD IOMMU driver lets a stale or incorrect Device Table Entry (DTE) be propagated to an alias PCI device, weakening the DMA isolation the IOMMU is meant to enforce. The flaw affects systems on AMD platforms where pci_for_each_dma_alias() supplies an alias-rather than the original-device to clone_alias(), causing the wrong source devid to be used when copying the DTE. EPSS is low (0.17%, 6th percentile) and there is no public exploit identified at time of analysis. | HIGH | 8.8 | 0.2% | 44 |
|
| CVE-2026-46174 | Local privilege escalation and information disclosure in the Linux kernel on AMD Zen2 CPUs allows low-privileged users to trigger instruction corruption via improper isolation of shared resources in the op cache. Affecting kernels prior to 5.10.256, 5.15.207, 6.1.173, 6.6.139, 6.12.88, 6.18.30, and 7.0.7, the flaw carries a CVSS 8.8 due to scope change (S:C) impacting confidentiality, integrity, and availability beyond the original security boundary. EPSS is very low (0.02%, 7th percentile) and no public exploit identified at time of analysis, but the architectural nature of the bug (CPU op cache sharing) makes it relevant for multi-tenant and virtualization workloads. | HIGH | 8.8 | 0.0% | 44 |
|
| CVE-2023-31317 | Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in. Rated high severity (CVSS 8.8). No vendor patch available. | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2024-21962 | Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available. | HIGH | 8.6 | 0.0% | 43 |
No patch
|
| CVE-2025-54517 | Buffer overflow in AMD GPU driver IOCTL handler enables local privilege escalation to root on Linux systems running AMD Instinct or Radeon Pro GPUs. Authenticated local users with low privileges can exploit an out-of-bounds write vulnerability in the AMDGV_CMD_GET_DIAG_DATA IOCTL to achieve arbitrary kernel code execution. EPSS data not available; no public exploit or CISA KEV listing identified at time of analysis, suggesting limited active exploitation despite high CVSS 8.5 severity. | HIGH | 8.5 | 0.0% | 43 |
No patch
|
| CVE-2025-48519 | Out-of-bounds read/write in AMD Platform Management Framework (PMF) driver allows local authenticated users to escalate privileges on Ryzen 6000/7000/8000 series processors. AMD has released patched chipset software version 7.06.02.123 addressing the improper input validation vulnerability. No public exploit code identified and CISA has not added this to KEV, indicating exploitation is not yet confirmed in real-world attacks despite the high CVSS score. Attackers must already have local system access with standard user privileges to exploit this vulnerability. | HIGH | 8.5 | 0.0% | 43 |
No patch
|
| CVE-2025-52540 | Out-of-bounds write in the AMD Platform Management Framework (PMF) Driver enables local authenticated users to escalate privileges on AMD Ryzen 6000/7000/8000 series processors. The vulnerability stems from improper input validation (CWE-787) allowing memory corruption beyond allocated buffer boundaries. Exploitation requires low-privilege local access with low attack complexity (CVSS 4.0: AV:L/AC:L/PR:L), making this a realistic post-compromise escalation vector. AMD released chipset driver version 7.06.02.123 addressing all affected Ryzen series. No public exploit or active exploitation confirmed at time of analysis. | HIGH | 8.5 | 0.0% | 43 |
No patch
|
| CVE-2025-61972 | Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, | HIGH | 8.5 | 0.0% | 43 |
No patch
|
| CVE-2026-0432 | Insecure installation directory permissions in AMD chipset driver allow local authenticated attackers to achieve SYSTEM-level privilege escalation and execute arbitrary code. The vulnerability affects nearly all AMD Ryzen, Threadripper, EPYC, and Athlon processors across desktop, mobile, embedded, and server product lines. AMD has released patched chipset driver versions 8.01.20.513 (consumer/workstation) and 8.03.14.329/8.03.16.641 (server). No active exploitation confirmed at time of analysis, but the local vector and low attack complexity make this exploitable by any authenticated Windows user, including standard users without admin rights. | HIGH | 8.5 | 0.0% | 43 |
No patch
|
| CVE-2025-29936 | Local privilege escalation in AMD Platform Management Framework (PMF) allows authenticated attackers with low privileges to unmap arbitrary memory pages, potentially executing code with elevated privileges or triggering system crashes. Affects modern AMD Ryzen mobile processors across multiple generations (6000/7000/8000/AI 300 series, embedded variants). The vulnerability enables both horizontal escalation (confidentiality compromise via changed scope in CVSS 4.0) and vertical impact (integrity/availability degradation). No evidence of active exploitation (not in CISA KEV), but the local attack vector with low complexity makes this exploitable by malware or malicious insiders once system access is obtained. EPSS data not available for risk calibration. | HIGH | 8.4 | 0.0% | 42 |
No patch
|
| CVE-2025-29935 | Local privilege escalation in AMD Platform Management Framework (PMF) allows authenticated attackers with low privileges to execute arbitrary code with elevated system privileges through an out-of-bounds write vulnerability. Affects multiple AMD Ryzen processor series (6000, 7035, 7040, 8040, and Embedded R8000) across mobile and embedded platforms. The CVSS 4.0 score of 8.4 reflects high impact to system integrity and availability with changed scope, indicating the attacker can escape the vulnerable component's security context. No active exploitation confirmed in CISA KEV at time of analysis, and public exploit code availability is not indicated in current intelligence. | HIGH | 8.4 | 0.0% | 42 |
No patch
|
| CVE-2025-0028 | Local attackers with low-privilege credentials can exploit unchecked return value handling in AMD Platform Management Framework (PMF) to read or write arbitrary memory addresses across multiple AMD Ryzen processor families (6000, 7000, 8000 series). This CWE-252 flaw enables privilege escalation to kernel level, compromising system confidentiality and availability with high impact across both virtualized and physical contexts. AMD has released security bulletin AMD-SB-4015 addressing the vulnerability. No CISA KEV listing or public exploit code has been identified at time of analysis, but the low attack complexity (AC:L) and local privilege requirement (PR:L) suggest exploitation is technically straightforward for attackers with initial system access. | HIGH | 8.3 | 0.0% | 42 |
No patch
|
| CVE-2026-53137 | Out-of-bounds kernel heap write in the AMD Display (amdgpu) driver's HDMI HDCP 2.x repeater authentication path affects Linux kernels from 5.6 through the 7.1 release candidates. When reading a downstream sink's RxStatus register, the driver in mod_hdcp_read_rx_id_list() uses an attacker-influenced 10-bit message-size field (up to 1023 bytes) as the I2C read length without bounding it to the 177-byte rx_id_list buffer, so a malicious HDMI repeater can force a write past the buffer and corrupt kernel memory. There is no public exploit identified at time of analysis and EPSS is low (0.21%, 11th percentile); it is not listed in CISA KEV. | HIGH | 7.8 | 0.2% | 39 |
|
| CVE-2026-53145 | Local privilege escalation and memory corruption in the Linux kernel DRM/GEM subsystem stems from a race condition in the GEM change_handle ioctl when it runs concurrently with gem_close, where botched two-stage idr_replace handling against the wrong idr slot allows a concurrent close to steal the object's only inherited reference. The flaw affects systems using the DRM graphics stack (notably AMD GPU paths, per source tags) and an unprivileged local user with access to a DRM render/card device can trigger a use-after-free, with the upstream resolution disabling the change_handle ioctl entirely until the locking can be proven correct. No public exploit identified at time of analysis and EPSS is low (0.17%, 7th percentile), consistent with a local-only, hard-to-win race rather than mass exploitation. | HIGH | 7.8 | 0.2% | 39 |
|