AMD processors
by AMD
CVEs (28)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5926 | Hig | 0.49 | 7.5 | 0.00 | Feb 27, 2017 | Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking… | ||
| CVE-2023-20584 | 0.00 | — | 0.00 | Aug 13, 2024 | IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity. | |||
| CVE-2023-20578 | 0.00 | — | 0.00 | Aug 13, 2024 | A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution. | |||
| CVE-2022-23830 | 0.00 | — | 0.00 | Nov 14, 2023 | SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. | |||
| CVE-2023-20583 | 0.00 | — | 0.00 | Aug 1, 2023 | A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information. | |||
| CVE-2022-23824 | 0.00 | — | 0.00 | Nov 9, 2022 | IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. | |||
| CVE-2021-46778 | 0.00 | — | 0.00 | Aug 9, 2022 | Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may… | |||
| CVE-2022-23825 | 0.00 | — | 0.00 | Jul 14, 2022 | Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. | |||
| CVE-2022-29900 | 0.00 | — | 0.01 | Jul 12, 2022 | Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. | |||
| CVE-2022-23823 | 0.00 | — | 0.01 | Jun 15, 2022 | A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. | |||
| CVE-2021-46744 | 0.00 | — | 0.00 | May 11, 2022 | An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time. | |||
| CVE-2021-26400 | 0.00 | — | 0.00 | May 11, 2022 | AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage. | |||
| CVE-2021-26388 | 0.00 | — | 0.00 | May 11, 2022 | Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service. | |||
| CVE-2021-26376 | 0.00 | — | 0.00 | May 11, 2022 | Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service. | |||
| CVE-2021-26373 | 0.00 | — | 0.00 | May 11, 2022 | Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service. | |||
| CVE-2021-26348 | 0.00 | — | 0.00 | May 11, 2022 | Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity. | |||
| CVE-2021-26364 | 0.00 | — | 0.00 | May 11, 2022 | Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service. | |||
| CVE-2021-26349 | 0.00 | — | 0.00 | May 11, 2022 | Failure to assign a new report ID to an imported guest may potentially result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA). | |||
| CVE-2021-26378 | 0.00 | — | 0.00 | May 11, 2022 | Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | |||
| CVE-2021-26342 | 0.00 | — | 0.00 | May 11, 2022 | In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB… |
- risk 0.49cvss 7.5epss 0.00
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking…
- CVE-2023-20584Aug 13, 2024risk 0.00cvss —epss 0.00
IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.
- CVE-2023-20578Aug 13, 2024risk 0.00cvss —epss 0.00
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.
- CVE-2022-23830Nov 14, 2023risk 0.00cvss —epss 0.00
SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
- CVE-2023-20583Aug 1, 2023risk 0.00cvss —epss 0.00
A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.
- CVE-2022-23824Nov 9, 2022risk 0.00cvss —epss 0.00
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
- CVE-2021-46778Aug 9, 2022risk 0.00cvss —epss 0.00
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may…
- CVE-2022-23825Jul 14, 2022risk 0.00cvss —epss 0.00
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
- CVE-2022-29900Jul 12, 2022risk 0.00cvss —epss 0.01
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
- CVE-2022-23823Jun 15, 2022risk 0.00cvss —epss 0.01
A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.
- CVE-2021-46744May 11, 2022risk 0.00cvss —epss 0.00
An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time.
- CVE-2021-26400May 11, 2022risk 0.00cvss —epss 0.00
AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage.
- CVE-2021-26388May 11, 2022risk 0.00cvss —epss 0.00
Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.
- CVE-2021-26376May 11, 2022risk 0.00cvss —epss 0.00
Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service.
- CVE-2021-26373May 11, 2022risk 0.00cvss —epss 0.00
Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service.
- CVE-2021-26348May 11, 2022risk 0.00cvss —epss 0.00
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.
- CVE-2021-26364May 11, 2022risk 0.00cvss —epss 0.00
Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service.
- CVE-2021-26349May 11, 2022risk 0.00cvss —epss 0.00
Failure to assign a new report ID to an imported guest may potentially result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA).
- CVE-2021-26378May 11, 2022risk 0.00cvss —epss 0.00
Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.
- CVE-2021-26342May 11, 2022risk 0.00cvss —epss 0.00
In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB…
Page 1 of 2