VYPR

Vendor CVEs

AMD

All CVEs

355 total · sorted by risk
  • CVE-2024-21966HigFeb 11, 2025
    risk 0.47cvss 7.3epss 0.00

    A DLL hijacking vulnerability in the AMD Ryzen™ Master Utility could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

  • CVE-2023-31361HigFeb 11, 2025
    risk 0.47cvss 7.3epss 0.00

    A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

  • CVE-2023-31360HigFeb 11, 2025
    risk 0.47cvss 7.3epss 0.00

    Incorrect default permissions in the AMD Integrated Management Technology (AIM-T) Manageability Service installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

  • CVE-2022-23817HigAug 13, 2024
    risk 0.47cvss epss 0.00

    Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address space, potentially resulting in privilege escalation.

  • CVE-2021-46747HigJun 1, 2026
    risk 0.46cvss epss 0.00

    Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System Management Network) apertures leading to a potential escalation of privileges.

  • CVE-2026-49121HigJun 1, 2026
    risk 0.46cvss 8.1epss 0.01

    AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv() function within shm_broadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle…

  • CVE-2024-36334HigMay 15, 2026
    risk 0.46cvss epss 0.00

    Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution.

  • CVE-2025-29938HigMay 15, 2026
    risk 0.46cvss epss 0.00

    An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to write to an arbitrary memory address resulting in denial of service or arbitrary code execution.

  • CVE-2023-31316HigMay 15, 2026
    risk 0.46cvss epss 0.00

    Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next…

  • CVE-2025-48512HigMay 15, 2026
    risk 0.46cvss epss 0.00

    Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.

  • CVE-2025-54502HigApr 16, 2026
    risk 0.46cvss epss 0.00

    Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.

  • CVE-2025-61969HigFeb 11, 2026
    risk 0.46cvss epss 0.00

    Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

  • CVE-2024-36320HigFeb 11, 2026
    risk 0.46cvss epss 0.00

    Integer Overflow within atihdwt6.sys can allow a local attacker to cause out of bound read/write potentially leading to loss of confidentiality, integrity and availability

  • CVE-2021-26381HigFeb 10, 2026
    risk 0.46cvss epss 0.00

    Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption.

  • CVE-2024-25743HigMay 15, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES.

  • CVE-2025-48513MedMay 15, 2026
    risk 0.45cvss epss 0.00

    Use of uninitialized resource within the AMD Platform Management Framework (PMF) could allow an attacker to read a uninitialized kernel memory resulting in loss of confidentiality or availability.

  • CVE-2025-48521MedMay 15, 2026
    risk 0.45cvss epss 0.00

    Improper input validation in the AMD Secure Processor (ASP) PCI driver could allow a local attacker to trigger a Use-After-Free (UAF) condition, potentially resulting in a loss of platform integrity or crash.

  • CVE-2025-48520MedMay 15, 2026
    risk 0.45cvss epss 0.00

    An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read Out-of-Bounds potentially resulting in information disclosure or a crash

  • CVE-2025-0045MedMay 15, 2026
    risk 0.45cvss epss 0.00

    Improper Input validation in the AMD Secure Processor (ASP) PCI driver may allow a local attacker to create a buffer overflow condition, potentially resulting in a crash or denial of service

  • CVE-2025-29939MedFeb 10, 2026
    risk 0.45cvss epss 0.00

    Improper access control in secure encrypted virtualization (SEV) could allow a privileged attacker to write to the reverse map page (RMP) during secure nested paging (SNP) initialization, potentially resulting in a loss of guest memory confidentiality and integrity.

  • CVE-2025-29944MedMay 15, 2026
    risk 0.44cvss epss 0.00

    A buffer overflow vulnerability within AMD Sensor Fusion Hub Driver can allow a local attacker to write out of bounds, potentially resulting in denial of service or crash

  • CVE-2025-52536MedFeb 10, 2026
    risk 0.44cvss epss 0.00

    Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity.

  • CVE-2025-0038MedOct 6, 2025
    risk 0.43cvss 6.6epss 0.00

    In AMD Zynq UltraScale+ devices, the lack of address validation when executing CSU runtime services through the PMU Firmware can allow access to isolated or protected memory spaces resulting in the loss of integrity and confidentiality.

  • CVE-2025-0037MedJun 10, 2025
    risk 0.43cvss 6.6epss 0.00

    In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality.

  • CVE-2026-43031HigMay 1, 2026
    risk 0.42cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets When a TX packet spans multiple buffer descriptors (scatter-gather), axienet_free_tx_chain sums the per-BD actual length from descriptor status…

  • CVE-2024-36347MedJun 27, 2025
    risk 0.42cvss 6.4epss 0.00

    Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in…

  • CVE-2024-36319MedFeb 12, 2026
    risk 0.41cvss epss 0.00

    Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system.

  • CVE-2025-0033MedOct 14, 2025
    risk 0.39cvss 6.0epss 0.00

    Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity.

  • CVE-2024-36346MedSep 6, 2025
    risk 0.39cvss 6.0epss 0.00

    Improper input validation in AMD Power Management Firmware (PMFW) could allow a privileged attacker from Guest VM to send arbitrary input data potentially causing a GPU Reset condition.

  • CVE-2023-31352MedFeb 11, 2025
    risk 0.39cvss 6.0epss 0.00

    A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data.

  • CVE-2025-29937MedMay 15, 2026
    risk 0.38cvss epss 0.00

    An out of bounds read within the AMD Platform Management Framework (PMF) could allow an attacker to trigger a read of an arbitrary memory location potentially resulting in loss of availability or confidentiality.

  • CVE-2025-54510MedApr 16, 2026
    risk 0.38cvss epss 0.00

    A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity.

  • CVE-2025-29952MedFeb 10, 2026
    risk 0.38cvss epss 0.00

    Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memory integrity

  • CVE-2025-29948MedFeb 10, 2026
    risk 0.38cvss epss 0.00

    Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory integrity.

  • CVE-2024-21953MedFeb 10, 2026
    risk 0.38cvss epss 0.00

    Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity.

  • CVE-2025-0007MedNov 24, 2025
    risk 0.37cvss 5.7epss 0.00

    Insufficient validation within Xilinx Run Time framework could allow a local attacker to escalate privileges from user space to kernel space, potentially compromising confidentiality, integrity, and/or availability.

  • CVE-2023-20515MedFeb 11, 2025
    risk 0.37cvss 5.7epss 0.00

    Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.

  • CVE-2024-21981MedAug 13, 2024
    risk 0.37cvss 5.7epss 0.00

    Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.

  • CVE-2026-28237MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability.

  • CVE-2026-0466MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service.

  • CVE-2025-0009MedSep 6, 2025
    risk 0.36cvss 5.5epss 0.00

    A NULL pointer dereference in AMD Crash Defender could allow an attacker to write a NULL output to a log file potentially resulting in a system crash and loss of availability.

  • CVE-2024-21971MedFeb 12, 2025
    risk 0.36cvss 5.5epss 0.00

    Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service.

  • CVE-2017-7262MedMar 25, 2017
    risk 0.36cvss 5.5epss 0.00

    The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite.

  • CVE-2025-48515MedFeb 10, 2026
    risk 0.35cvss epss 0.00

    Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution.

  • CVE-2025-54511MedMay 15, 2026
    risk 0.34cvss epss 0.00

    Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability.

  • CVE-2025-52534MedFeb 10, 2026
    risk 0.34cvss epss 0.00

    Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in loss of integrity.

  • CVE-2025-29934MedNov 21, 2025
    risk 0.34cvss 5.3epss 0.00

    A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity.

  • CVE-2023-20582MedFeb 11, 2025
    risk 0.34cvss 5.3epss 0.00

    Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity.

  • CVE-2021-46746MedAug 13, 2024
    risk 0.34cvss 5.2epss 0.00

    Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service.

  • CVE-2024-21979MedApr 23, 2024
    risk 0.34cvss 5.3epss 0.00

    An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution.

Page 2 of 8