Filtered by vendor Amd Subscriptions
Total 287 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-20586 1 Amd 1 Radeon Software 2024-11-21 9.8 Critical
A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations
CVE-2023-20583 1 Amd 1 * 2024-11-21 4.7 Medium
A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.
CVE-2023-20579 1 Amd 258 Ryzen 3 3200u, Ryzen 3 3200u Firmware, Ryzen 3 3250c and 255 more 2024-11-21 6.0 Medium
Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.
CVE-2023-20573 1 Amd 130 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 127 more 2024-11-21 3.2 Low
A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information.
CVE-2023-20571 1 Amd 142 Ryzen 3 5100, Ryzen 3 5100 Firmware, Ryzen 3 5125c and 139 more 2024-11-21 8.1 High
A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.
CVE-2023-20570 1 Amd 94 Alveo U200, Alveo U200 Firmware, Alveo U250 and 91 more 2024-11-21 3.3 Low
Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams.
CVE-2023-20569 5 Amd, Debian, Fedoraproject and 2 more 302 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 299 more 2024-11-21 4.7 Medium
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
CVE-2023-20568 2 Amd, Intel 123 Radeon Pro Vega 56, Radeon Pro Vega 56 Firmware, Radeon Pro Vega 64 and 120 more 2024-11-21 6.7 Medium
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
CVE-2023-20567 2 Amd, Intel 123 Radeon Pro Vega 56, Radeon Pro Vega 56 Firmware, Radeon Pro Vega 64 and 120 more 2024-11-21 6.7 Medium
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
CVE-2023-20565 1 Amd 142 Ryzen 3 5100, Ryzen 3 5100 Firmware, Ryzen 3 5125c and 139 more 2024-11-21 7.8 High
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.
CVE-2023-20564 2 Amd, Microsoft 5 Ryzen, Ryzen Master, Ryzen Master Monitoring Sdk and 2 more 2024-11-21 6.7 Medium
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution.
CVE-2023-20563 1 Amd 154 Ryzen 3 5100, Ryzen 3 5100 Firmware, Ryzen 3 5125c and 151 more 2024-11-21 7.8 High
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.
CVE-2023-20562 3 Amd, Linux, Microsoft 4 Amd Uprof, Uprof Tool, Linux Kernel and 1 more 2024-11-21 7.8 High
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.
CVE-2023-20561 3 Amd, Linux, Microsoft 3 Amd Uprof, Linux Kernel, Windows 2024-11-21 5.5 Medium
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.
CVE-2023-20560 2 Amd, Microsoft 4 Ryzen Master, Ryzen Master Monitoring Sdk, Windows 10 and 1 more 2024-11-21 4.4 Medium
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service.
CVE-2023-20559 1 Amd 178 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 175 more 2024-11-21 8.8 High
Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.
CVE-2023-20558 1 Amd 178 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 175 more 2024-11-21 8.8 High
Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.
CVE-2023-20556 3 Amd, Linux, Microsoft 3 Amd Uprof, Linux Kernel, Windows 2024-11-21 5.5 Medium
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.
CVE-2023-20555 1 Amd 238 Athlon 3015ce, Athlon 3015ce Firmware, Athlon 3015e and 235 more 2024-11-21 7.8 High
Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.
CVE-2023-20533 1 Amd 170 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 167 more 2024-11-21 6.1 Medium
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.