Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20521 | 1 Amd | 186 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 183 more | 2024-06-18 | N/A | 5.7 MEDIUM |
| TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. | |||||
| CVE-2022-23821 | 1 Amd | 214 Athlon 3015ce, Athlon 3015ce Firmware, Athlon 3015e and 211 more | 2024-02-13 | N/A | 9.8 CRITICAL |
| Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution. | |||||
| CVE-2021-26393 | 1 Amd | 180 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 177 more | 2024-02-13 | N/A | 5.5 MEDIUM |
| Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality. | |||||
| CVE-2021-26392 | 1 Amd | 252 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 249 more | 2024-02-13 | N/A | 7.8 HIGH |
| Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA. | |||||
| CVE-2020-12931 | 1 Amd | 215 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 212 more | 2024-02-13 | N/A | 7.8 HIGH |
| Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. | |||||
| CVE-2020-12930 | 1 Amd | 219 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 216 more | 2024-02-13 | N/A | 7.8 HIGH |
| Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. | |||||
| CVE-2022-29900 | 4 Amd, Debian, Fedoraproject and 1 more | 249 A10-9600p, A10-9600p Firmware, A10-9630p and 246 more | 2024-02-04 | 2.1 LOW | 6.5 MEDIUM |
| Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. | |||||
| CVE-2022-27672 | 1 Amd | 330 A10-9600p, A10-9600p Firmware, A10-9630p and 327 more | 2024-02-04 | N/A | 4.7 MEDIUM |
| When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. | |||||
| CVE-2022-23825 | 4 Amd, Debian, Fedoraproject and 1 more | 249 A10-9600p, A10-9600p Firmware, A10-9630p and 246 more | 2024-02-04 | 2.1 LOW | 6.5 MEDIUM |
| Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. | |||||
| CVE-2022-23824 | 3 Amd, Fedoraproject, Xen | 336 A10-9600p, A10-9600p Firmware, A10-9630p and 333 more | 2024-02-04 | N/A | 5.5 MEDIUM |
| IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. | |||||
| CVE-2023-4969 | 3 Amd, Imaginationtech, Khronos | 261 Athlon 3000g, Athlon 3000g Firmware, Instinct Mi100 and 258 more | 2024-01-23 | N/A | 6.5 MEDIUM |
| A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures. | |||||
| CVE-2023-20559 | 1 Amd | 178 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 175 more | 2023-11-07 | N/A | 8.8 HIGH |
| Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. | |||||
| CVE-2023-20558 | 1 Amd | 178 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 175 more | 2023-11-07 | N/A | 8.8 HIGH |
| Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges. | |||||
| CVE-2023-20597 | 1 Amd | 202 Ryzen 3100, Ryzen 3100 Firmware, Ryzen 3300x and 199 more | 2023-09-22 | N/A | 5.5 MEDIUM |
| Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | |||||
| CVE-2023-20594 | 1 Amd | 250 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 247 more | 2023-09-22 | N/A | 4.4 MEDIUM |
| Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | |||||
| CVE-2021-26388 | 1 Amd | 213 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 210 more | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service. | |||||
| CVE-2021-26384 | 1 Amd | 104 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 101 more | 2023-08-08 | N/A | 7.8 HIGH |
| A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources. | |||||
| CVE-2021-26373 | 1 Amd | 175 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 172 more | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service. | |||||
| CVE-2021-26376 | 1 Amd | 167 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 164 more | 2023-08-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service. | |||||
| CVE-2021-26365 | 1 Amd | 108 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 105 more | 2023-05-26 | N/A | 8.2 HIGH |
| Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents. | |||||