Vendor CVEs
AMD
All CVEs
355 total · sorted by risk

| CVE | Sev | Risk | CVSS | EPSS | Published | Description | Vendor / Product | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-0481 | Cri | 0.60 | — | 0.00 | May 15, 2026 | Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability | ||
| CVE-2018-6547 | Cri | 0.59 | 9.1 | 0.01 | Apr 13, 2018 | plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYSTEM to the file when the… | ||
| CVE-2018-8936 | Cri | 0.59 | 9.0 | 0.02 | Mar 22, 2018 | The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation. | ||
| CVE-2018-8935 | Cri | 0.59 | 9.0 | 0.02 | Mar 22, 2018 | The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW. | ||
| CVE-2018-8934 | Cri | 0.59 | 9.0 | 0.02 | Mar 22, 2018 | The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW. | ||
| CVE-2018-8933 | Cri | 0.59 | 9.0 | 0.02 | Mar 22, 2018 | The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. | ||
| CVE-2018-8932 | Cri | 0.59 | 9.0 | 0.02 | Mar 22, 2018 | The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. | ||
| CVE-2018-8931 | Cri | 0.59 | 9.0 | 0.02 | Mar 22, 2018 | The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1. | ||
| CVE-2018-8930 | Cri | 0.59 | 9.0 | 0.02 | Mar 22, 2018 | The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. | ||
| CVE-2023-31317 | Hig | 0.57 | — | 0.00 | May 15, 2026 | Improper restriction of operations within the bounds of a memory buffer in the AMD Secure Processor (ASP) could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution. | ||
| CVE-2023-20514 | Hig | 0.57 | — | 0.00 | Feb 11, 2026 | Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrary memory value to functions in the trusted execution environment resulting in arbitrary code execution | ||
| CVE-2023-31322 | Hig | 0.57 | 8.7 | 0.00 | Sep 6, 2025 | Type confusion in the ASP could allow an attacker to pass a malformed argument to the Reliability, Availability, and Serviceability trusted application (RAS TA) potentially leading to a read or write to shared memory resulting in loss of confidentiality, integrity, or… | ||
| CVE-2024-21962 | Hig | 0.56 | — | 0.00 | May 15, 2026 | Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution. | ||
| CVE-2025-54517 | Hig | 0.55 | — | 0.00 | May 15, 2026 | Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution. | ||
| CVE-2025-29936 | Hig | 0.55 | — | 0.00 | May 15, 2026 | Improper input validation within the AMD Platform Management Framework (PMF) could allow an attacker to unmap arbitrary memory pages potentially impacting integrity and availability, or allowing privilege escalation resulting in loss of confidentiality. | ||
| CVE-2025-29935 | Hig | 0.55 | — | 0.00 | May 15, 2026 | An out of bounds write within the AMD Platform Management Framework (PMF) could allow an attacker to execute arbitrary code at an elevated privilege level potentially leading to loss of confidentiality, integrity, or availability. | ||
| CVE-2026-0432 | Hig | 0.55 | — | 0.00 | May 15, 2026 | Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution. | ||
| CVE-2025-52540 | Hig | 0.55 | — | 0.00 | May 15, 2026 | An improper input validation vulnerability within the AMD Platform Management Framework (PMF) Driver can allow a local attacker to write Out-of-Bounds, potentially resulting in privilege escalation. | ||
| CVE-2025-48519 | Hig | 0.55 | — | 0.00 | May 15, 2026 | An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read or write Out-of-Bounds, potentially resulting in privilege escalation | ||
| CVE-2025-61972 | Hig | 0.55 | — | 0.00 | May 13, 2026 | Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality… | ||
| CVE-2023-31323 | Hig | 0.55 | — | 0.00 | Feb 12, 2026 | Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interconnect Trusted Agent (XGMI TA) leading to a memory safety violation potentially resulting in loss of confidentiality, integrity, or… | ||
| CVE-2024-36326 | Hig | 0.55 | 8.4 | 0.00 | Sep 6, 2025 | Missing authorization in AMD RomArmor could allow an attacker to bypass ROMArmor protections during system resume from a standby state, potentially resulting in a loss of confidentiality and integrity. | ||
| CVE-2025-0028 | Hig | 0.54 | — | 0.00 | May 15, 2026 | An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to read or modify an arbitrary address potentially resulting in loss of confidentiality, integrity, or availability. | ||
| CVE-2024-21925 | Hig | 0.53 | 8.2 | 0.00 | Feb 11, 2025 | Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution. | ||
| CVE-2024-21924 | Hig | 0.53 | 8.2 | 0.00 | Feb 11, 2025 | SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution. | ||
| CVE-2024-0179 | Hig | 0.53 | 8.2 | 0.00 | Feb 11, 2025 | SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution. | ||
| CVE-2025-52538 | Hig | 0.52 | 8.0 | 0.00 | Nov 24, 2025 | Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in loss of confidentiality or availability. | ||
| CVE-2024-36333 | Hig | 0.51 | 7.8 | 0.00 | May 15, 2026 | A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | ||
| CVE-2025-48503 | Hig | 0.51 | 7.8 | 0.00 | Feb 11, 2026 | A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | ||
| CVE-2021-26383 | Hig | 0.51 | 7.9 | 0.00 | Sep 6, 2025 | Insufficient bounds checking in AMD TEE (Trusted Execution Environment) could allow an attacker with a compromised userspace to invoke a command with malformed arguments leading to out of bounds memory access, potentially resulting in loss of integrity or availability. | ||
| CVE-2015-7724 | Hig | 0.51 | 7.8 | 0.01 | Jun 7, 2017 | AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. NOTE: This vulnerability exists due to an incomplete fix for CVE-2015-7723. | ||
| CVE-2015-7723 | Hig | 0.51 | 7.8 | 0.01 | Jun 7, 2017 | AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. | ||
| CVE-2017-5927 | Hig | 0.49 | 7.5 | 0.02 | Feb 27, 2017 | Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking… | ||
| CVE-2017-5926 | Hig | 0.49 | 7.5 | 0.02 | Feb 27, 2017 | Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking… | ||
| CVE-2017-5925 | Hig | 0.49 | 7.5 | 0.02 | Feb 27, 2017 | Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript,… | ||
| CVE-2025-54518 | Hig | 0.47 | — | 0.00 | May 15, 2026 | Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation. | ||
| CVE-2025-54519 | Hig | 0.47 | 7.3 | 0.00 | Feb 12, 2026 | A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||
| CVE-2023-31313 | Hig | 0.47 | 7.2 | 0.00 | Feb 12, 2026 | An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution. | ||
| CVE-2025-52541 | Hig | 0.47 | 7.3 | 0.00 | Feb 11, 2026 | A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||
| CVE-2025-0003 | Hig | 0.47 | 7.3 | 0.00 | Nov 24, 2025 | Inadequate lock protection within Xilinx Run time may allow a local attacker to trigger a Use-After-Free condition potentially resulting in loss of confidentiality or availability | ||
| CVE-2025-52539 | Hig | 0.47 | 7.3 | 0.00 | Nov 24, 2025 | A buffer overflow with Xilinx Run Time Environment may allow a local attacker to read or corrupt data from the advanced extensible interface (AXI), potentially resulting in loss of confidentiality, integrity, and/or availability. | ||
| CVE-2025-0005 | Hig | 0.47 | 7.3 | 0.00 | Nov 24, 2025 | Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in crash or denial of service. | ||
| CVE-2024-21923 | Hig | 0.47 | 7.3 | 0.00 | Nov 23, 2025 | Incorrect default permissions in AMD StoreMI™ could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | ||
| CVE-2024-21922 | Hig | 0.47 | 7.3 | 0.00 | Nov 23, 2025 | A DLL hijacking vulnerability in AMD StoreMI™ could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||
| CVE-2025-0032 | Hig | 0.47 | 7.2 | 0.00 | Sep 6, 2025 | Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction execution. | ||
| CVE-2025-0035 | Hig | 0.47 | 7.3 | 0.00 | May 13, 2025 | Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution. | ||
| CVE-2024-36339 | Hig | 0.47 | 7.3 | 0.00 | May 13, 2025 | A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||
| CVE-2024-36321 | Hig | 0.47 | 7.3 | 0.00 | May 13, 2025 | Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution. | ||
| CVE-2024-21960 | Hig | 0.47 | 7.3 | 0.00 | May 13, 2025 | Incorrect default permissions in the AMD Optimizing CPU Libraries (AOCL) installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | ||
| CVE-2025-0014 | Hig | 0.47 | 7.3 | 0.00 | Apr 2, 2025 | Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. |
Page 1 of 8