Filtered by vendor Amd Subscriptions
Total 287 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-20532 1 Amd 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more 2024-11-21 5.3 Medium
Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.
CVE-2023-20531 1 Amd 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more 2024-11-21 7.5 High
Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.
CVE-2023-20530 1 Amd 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more 2024-11-21 7.5 High
Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.
CVE-2023-20529 1 Amd 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more 2024-11-21 7.5 High
Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.
CVE-2023-20528 1 Amd 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more 2024-11-21 2.4 Low
Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.
CVE-2023-20527 1 Amd 128 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 125 more 2024-11-21 6.5 Medium
Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.
CVE-2023-20526 1 Amd 146 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 143 more 2024-11-21 1.9 Low
Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
CVE-2023-20525 1 Amd 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more 2024-11-21 6.5 Medium
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.
CVE-2023-20524 1 Amd 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more 2024-11-21 7.5 High
An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss a loss of integrity.
CVE-2023-20523 1 Amd 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more 2024-11-21 5.7 Medium
TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service.
CVE-2023-20522 1 Amd 4 Milanpi, Milanpi Firmware, Romepi and 1 more 2024-11-21 7.5 High
Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service.
CVE-2023-20521 1 Amd 186 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 183 more 2024-11-21 3.3 Low
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
CVE-2023-20520 1 Amd 126 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 123 more 2024-11-21 9.8 Critical
Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution.
CVE-2023-20519 1 Amd 4 Genoapi, Genoapi Firmware, Milanpi and 1 more 2024-11-21 3.3 Low
A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.
CVE-2022-44643 2 Amd, Grafana 2 Amd64, Enterprise Metrics 2024-11-21 5.7 Medium
A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not be applied when using this policy with the affected versions of the software. This issue affects: Grafana Labs Grafana Enterprise Metrics GEM 1.X versions prior to 1.7.1 on AMD64; GEM 2.X versions prior to 2.3.1 on AMD64.
CVE-2022-29900 5 Amd, Debian, Fedoraproject and 2 more 253 A10-9600p, A10-9600p Firmware, A10-9630p and 250 more 2024-11-21 6.5 Medium
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
CVE-2022-29277 2 Amd, Intel 78 Genoa, Genoa Firmware, Hygon 1 and 75 more 2024-11-21 8.8 High
Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.0048 Whitley: 05.42.23.0066 Cedar Island: 05.42.11.0021 Eagle Stream: 05.44.25.0052 Greenlow/Greenlow-R(skylake/kabylake): Trunk Mehlow/Mehlow-R (CoffeeLake-S): Trunk Tatlow (RKL-S): Trunk Denverton: 05.10.12.0042 Snow Ridge: Trunk Graneville DE: 05.05.15.0038 Grangeville DE NS: 05.27.26.0023 Bakerville: 05.21.51.0026 Idaville: 05.44.27.0030 Whiskey Lake: Trunk Comet Lake-S: Trunk Tiger Lake H/UP3: 05.43.12.0052 Alder Lake: 05.44.23.0047 Gemini Lake: Not Affected Apollo Lake: Not Affected Elkhart Lake: 05.44.30.0018 AMD ROME: trunk MILAN: 05.36.10.0017 GENOA: 05.52.25.0006 Snowy Owl: Trunk R1000: 05.32.50.0018 R2000: 05.44.30.0005 V2000: Trunk V3000: 05.44.30.0007 Ryzen 5000: 05.44.30.0004 Embedded ROME: Trunk Embedded MILAN: Trunk Hygon Hygon #1/#2: 05.36.26.0016 Hygon #3: 05.44.26.0007 https://www.insyde.com/security-pledge/SA-2022060
CVE-2022-27677 1 Amd 1 Ryzen Master 2024-11-21 7.8 High
Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files potentially leading to privilege escalation and code execution by the lower privileged user.
CVE-2022-27674 4 Amd, Freebsd, Linux and 1 more 4 Amd Uprof, Freebsd, Linux Kernel and 1 more 2024-11-21 7.5 High
Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.
CVE-2022-27673 1 Amd 1 Amd Link 2024-11-21 7.5 High
Insufficient access controls in the AMD Link Android app may potentially result in information disclosure.