ReportizFlow
Filtered by vendor Amd
Subscriptions
Total
383 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36355 | 1 Amd | 25 Epyc 9004 Series Processors, Epyc Embedded 9004 Series Processors, Ryzen 5000 Series Desktop Processors and 22 more | 2026-04-15 | N/A |
| Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 (sleep) wake up, potentially resulting in arbitrary code execution. | ||||
| CVE-2023-20516 | 1 Amd | 7 Instinct Mi210, Instinct Mi250, Radeon and 4 more | 2026-04-15 | 3.3 Low |
| Improper handling of insufficiency privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs) potentially resulting in loss of confidentiality or integrity. | ||||
| CVE-2023-31325 | 1 Amd | 6 Radeon, Radeon Pro W7000, Radeon Rx 7000 and 3 more | 2026-04-15 | 7.2 High |
| Improper isolation of shared resources on System-on-a-chip (SOC) could a privileged attacker to tamper with the contents of the PSP reserved DRAM region potentially resulting in loss of confidentiality and integrity. | ||||
| CVE-2022-23817 | 1 Amd | 128 Athlon 3000g Firmware, Athlon Gold 3150ge Firmware, Athlon Gold Pro 3150g Firmware and 125 more | 2026-04-15 | 7 High |
| Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation. | ||||
| CVE-2021-46750 | 1 Amd | 11 Athlon, Athlon 3000, Radeon Pro V620 and 8 more | 2026-04-15 | 3 Low |
| Failure to validate the address and size in TEE (Trusted Execution Environment) may allow a malicious x86 attacker to send malformed messages to the graphics mailbox resulting in an overlap of a TMR (Trusted Memory Region) that was previously allocated by the ASP bootloader leading to a potential loss of integrity. | ||||
| CVE-2025-52539 | 1 Amd | 1 Xilinx Run Time | 2026-04-15 | 7.3 High |
| A buffer overflow with Xilinx Run Time Environment may allow a local attacker to read or corrupt data from the advanced extensible interface (AXI), potentially resulting in loss of confidentiality, integrity, and/or availability. | ||||
| CVE-2021-26410 | 1 Amd | 15 Radeon Pro V520, Radeon Pro V620, Radeon Pro W5000 Series and 12 more | 2026-04-15 | N/A |
| Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memory space allowing an attacker to infer the contents of the kernel memory leading to potential information disclosure. | ||||
| CVE-2024-36326 | 1 Amd | 3 Ryzen, Ryzen 7040, Ryzen Ai 300 | 2026-04-15 | 8.4 High |
| Missing authorization in AMD RomArmor could allow an attacker to bypass ROMArmor protections during system resume from a standby state, potentially resulting in a loss of confidentiality and integrity. | ||||
| CVE-2023-31313 | 1 Amd | 2 Instinct Mi210, Instinct Mi250 | 2026-04-15 | 7.2 High |
| An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution. | ||||
| CVE-2023-31322 | 1 Amd | 3 Radeon, Radeon Pro W7000, Radeon Rx 7000 | 2026-04-15 | 8.7 High |
| Type confusion in the ASP could allow an attacker to pass a malformed argument to the Reliability, Availability, and Serviceability trusted application (RAS TA) potentially leading to a read or write to shared memory resulting in loss of confidentiality, integrity, or availability. | ||||
| CVE-2024-36354 | 1 Amd | 11 Athlon, Athlon 3000, Epyc and 8 more | 2026-04-15 | 7.5 High |
| Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level. | ||||
| CVE-2023-31364 | 1 Amd | 33 Athlon 3000 Series Mobile Processors With Radeon Graphics, Epyc 7001 Series Processors, Epyc 7002 Series Processors and 30 more | 2026-04-15 | N/A |
| Improper handling of direct memory writes in the input-output memory management unit could allow a malicious guest virtual machine (VM) to flood a host with writes, potentially causing a fatal machine check error resulting in denial of service. | ||||
| CVE-2024-36352 | 1 Amd | 11 Athlon, Athlon 3000, Radeon Instinct Mi25 and 8 more | 2026-04-15 | 8.4 High |
| Improper input validation in the AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary writes or denial of service. | ||||
| CVE-2025-0009 | 1 Amd | 9 Athlon, Radeon Pro V520, Radeon Pro V620 and 6 more | 2026-04-15 | 5.5 Medium |
| A NULL pointer dereference in AMD Crash Defender could allow an attacker to write a NULL output to a log file potentially resulting in a system crash and loss of availability. | ||||
| CVE-2023-31351 | 1 Amd | 4 Epyc, Epyc 7003, Epyc 8004 and 1 more | 2026-04-15 | 5.3 Medium |
| Improper restriction of operations in the IOMMU could allow a malicious hypervisor to access guest private memory resulting in loss of integrity. | ||||
| CVE-2024-21981 | 1 Amd | 3 Athlon, Epyc, Ryzen | 2026-04-15 | 5.7 Medium |
| Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity. | ||||
| CVE-2021-26381 | 1 Amd | 17 Radeon Pro V520, Radeon Pro V620, Radeon Pro W5000 Series and 14 more | 2026-04-15 | N/A |
| Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption. | ||||
| CVE-2024-2193 | 2 Amd, Xen | 2 Cpu, Xen | 2026-04-15 | 5.7 Medium |
| A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths. | ||||
| CVE-2024-21923 | 1 Amd | 1 Storemi | 2026-04-15 | 7.3 High |
| Incorrect default permissions in AMD StoreMI™ could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | ||||
| CVE-2024-21935 | 1 Amd | 2 Instinct Mi300x, Satellite Management Controller | 2026-04-15 | 5 Medium |
| Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish® API commands to remove files from the local root directory, potentially resulting in data corruption. | ||||