Filtered by vendor Amd
Subscribe
Total
285 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26352 | 1 Amd | 60 Ryzen 3 5300g, Ryzen 3 5300g Firmware, Ryzen 3 5300ge and 57 more | 2022-05-25 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service. | |||||
| CVE-2021-26390 | 1 Amd | 74 Athlon 300u, Athlon 300u Firmware, Ryzen 3 3200u and 71 more | 2022-05-25 | 4.9 MEDIUM | 6.2 MEDIUM |
| A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data. | |||||
| CVE-2021-26350 | 1 Amd | 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more | 2022-05-23 | 1.9 LOW | 4.7 MEDIUM |
| A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service. | |||||
| CVE-2021-26339 | 1 Amd | 168 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 165 more | 2022-05-23 | 4.9 MEDIUM | 5.5 MEDIUM |
| A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers. | |||||
| CVE-2021-26349 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2022-05-20 | 2.1 LOW | 5.5 MEDIUM |
| Failure to assign a new report ID to an imported guest may potentially result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA). | |||||
| CVE-2021-26342 | 1 Amd | 76 Epyc 7001, Epyc 7001 Firmware, Epyc 7251 and 73 more | 2022-05-19 | 2.1 LOW | 3.3 LOW |
| In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability. | |||||
| CVE-2021-26348 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2022-05-19 | 2.1 LOW | 5.5 MEDIUM |
| Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity. | |||||
| CVE-2021-26370 | 1 Amd | 98 Epyc 7002, Epyc 7002 Firmware, Epyc 7232p and 95 more | 2022-05-18 | 6.6 MEDIUM | 7.1 HIGH |
| Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability. | |||||
| CVE-2021-26408 | 1 Amd | 76 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 73 more | 2022-05-17 | 6.6 MEDIUM | 7.1 HIGH |
| Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest's integrity or confidentiality. | |||||
| CVE-2021-26332 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2022-05-16 | 6.6 MEDIUM | 7.1 HIGH |
| Failure to verify SEV-ES TMR is not in MMIO space, SEV-ES FW could result in a potential loss of integrity or availability. | |||||
| CVE-2021-26324 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2022-05-16 | 7.2 HIGH | 7.8 HIGH |
| A bug with the SEV-ES TMR may lead to a potential loss of memory integrity for SNP-active VMs. | |||||
| CVE-2021-46771 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2022-05-16 | 7.2 HIGH | 7.8 HIGH |
| Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user application. | |||||
| CVE-2021-26335 | 1 Amd | 116 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 113 more | 2022-05-12 | 7.2 HIGH | 7.8 HIGH |
| Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in arbitrary code execution. | |||||
| CVE-2020-12951 | 1 Amd | 116 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 113 more | 2022-05-12 | 4.4 MEDIUM | 7.0 HIGH |
| Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations. | |||||
| CVE-2021-26312 | 1 Amd | 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more | 2022-05-11 | 2.1 LOW | 5.5 MEDIUM |
| Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity. | |||||
| CVE-2020-6102 | 1 Amd | 1 Radeon Directx 11 Driver Atidxx64.dll | 2022-04-27 | 6.5 MEDIUM | 9.9 CRITICAL |
| An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). | |||||
| CVE-2021-26333 | 1 Amd | 2 Chipset Driver, Psp Driver | 2022-04-26 | 4.9 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages. | |||||
| CVE-2019-9836 | 2 Amd, Opensuse | 16 Epyc 7251, Epyc 7261, Epyc 7281 and 13 more | 2022-04-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation. | |||||
| CVE-2021-26401 | 1 Amd | 252 A10-9600p, A10-9600p Firmware, A10-9630p and 249 more | 2022-03-18 | 1.9 LOW | 5.6 MEDIUM |
| LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. | |||||
| CVE-2020-12891 | 1 Amd | 2 Radeon Pro Software, Radeon Software | 2022-02-09 | 4.4 MEDIUM | 7.8 HIGH |
| AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable. | |||||