Vendor CVEs
AMD
All CVEs
355 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-21966 | Hig | 0.47 | 7.3 | 0.00 | Feb 11, 2025 | A DLL hijacking vulnerability in the AMD Ryzen™ Master Utility could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||
| CVE-2023-31361 | Hig | 0.47 | 7.3 | 0.00 | Feb 11, 2025 | A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | ||
| CVE-2023-31360 | Hig | 0.47 | 7.3 | 0.00 | Feb 11, 2025 | Incorrect default permissions in the AMD Integrated Management Technology (AIM-T) Manageability Service installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||
| CVE-2022-23817 | Hig | 0.47 | — | 0.00 | Aug 13, 2024 | Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address space, potentially resulting in privilege escalation. | ||
| CVE-2021-46747 | Hig | 0.46 | — | 0.00 | Jun 1, 2026 | Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System Management Network) apertures leading to a potential escalation of privileges. | ||
| CVE-2026-49121 | Hig | 0.46 | 8.1 | 0.01 | Jun 1, 2026 | AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv() function within shm_broadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle… | ||
| CVE-2024-36334 | Hig | 0.46 | — | 0.00 | May 15, 2026 | Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution. | ||
| CVE-2025-29938 | Hig | 0.46 | — | 0.00 | May 15, 2026 | An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to write to an arbitrary memory address resulting in denial of service or arbitrary code execution. | ||
| CVE-2023-31316 | Hig | 0.46 | — | 0.00 | May 15, 2026 | Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next… | ||
| CVE-2025-48512 | Hig | 0.46 | — | 0.00 | May 15, 2026 | Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary code execution. | ||
| CVE-2025-54502 | Hig | 0.46 | — | 0.00 | Apr 16, 2026 | Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution. | ||
| CVE-2025-61969 | Hig | 0.46 | — | 0.00 | Feb 11, 2026 | Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||
| CVE-2024-36320 | Hig | 0.46 | — | 0.00 | Feb 11, 2026 | Integer Overflow within atihdwt6.sys can allow a local attacker to cause out of bound read/write potentially leading to loss of confidentiality, integrity and availability | ||
| CVE-2021-26381 | Hig | 0.46 | — | 0.00 | Feb 10, 2026 | Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption. | ||
| CVE-2024-25743 | Hig | 0.46 | 7.1 | 0.00 | May 15, 2024 | In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES. | ||
| CVE-2025-48513 | Med | 0.45 | — | 0.00 | May 15, 2026 | Use of uninitialized resource within the AMD Platform Management Framework (PMF) could allow an attacker to read a uninitialized kernel memory resulting in loss of confidentiality or availability. | ||
| CVE-2025-48521 | Med | 0.45 | — | 0.00 | May 15, 2026 | Improper input validation in the AMD Secure Processor (ASP) PCI driver could allow a local attacker to trigger a Use-After-Free (UAF) condition, potentially resulting in a loss of platform integrity or crash. | ||
| CVE-2025-48520 | Med | 0.45 | — | 0.00 | May 15, 2026 | An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read Out-of-Bounds potentially resulting in information disclosure or a crash | ||
| CVE-2025-0045 | Med | 0.45 | — | 0.00 | May 15, 2026 | Improper Input validation in the AMD Secure Processor (ASP) PCI driver may allow a local attacker to create a buffer overflow condition, potentially resulting in a crash or denial of service | ||
| CVE-2025-29939 | Med | 0.45 | — | 0.00 | Feb 10, 2026 | Improper access control in secure encrypted virtualization (SEV) could allow a privileged attacker to write to the reverse map page (RMP) during secure nested paging (SNP) initialization, potentially resulting in a loss of guest memory confidentiality and integrity. | ||
| CVE-2025-29944 | Med | 0.44 | — | 0.00 | May 15, 2026 | A buffer overflow vulnerability within AMD Sensor Fusion Hub Driver can allow a local attacker to write out of bounds, potentially resulting in denial of service or crash | ||
| CVE-2025-52536 | Med | 0.44 | — | 0.00 | Feb 10, 2026 | Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity. | ||
| CVE-2025-0038 | Med | 0.43 | 6.6 | 0.00 | Oct 6, 2025 | In AMD Zynq UltraScale+ devices, the lack of address validation when executing CSU runtime services through the PMU Firmware can allow access to isolated or protected memory spaces resulting in the loss of integrity and confidentiality. | ||
| CVE-2025-0037 | Med | 0.43 | 6.6 | 0.00 | Jun 10, 2025 | In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality. | ||
| CVE-2026-43031 | Hig | 0.42 | 7.5 | 0.00 | May 1, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets When a TX packet spans multiple buffer descriptors (scatter-gather), axienet_free_tx_chain sums the per-BD actual length from descriptor status… | ||
| CVE-2024-36347 | Med | 0.42 | 6.4 | 0.00 | Jun 27, 2025 | Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in… | ||
| CVE-2024-36319 | Med | 0.41 | — | 0.00 | Feb 12, 2026 | Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system. | ||
| CVE-2025-0033 | Med | 0.39 | 6.0 | 0.00 | Oct 14, 2025 | Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity. | ||
| CVE-2024-36346 | Med | 0.39 | 6.0 | 0.00 | Sep 6, 2025 | Improper input validation in AMD Power Management Firmware (PMFW) could allow a privileged attacker from Guest VM to send arbitrary input data potentially causing a GPU Reset condition. | ||
| CVE-2023-31352 | Med | 0.39 | 6.0 | 0.00 | Feb 11, 2025 | A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data. | ||
| CVE-2025-29937 | Med | 0.38 | — | 0.00 | May 15, 2026 | An out of bounds read within the AMD Platform Management Framework (PMF) could allow an attacker to trigger a read of an arbitrary memory location potentially resulting in loss of availability or confidentiality. | ||
| CVE-2025-54510 | Med | 0.38 | — | 0.00 | Apr 16, 2026 | A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity. | ||
| CVE-2025-29952 | Med | 0.38 | — | 0.00 | Feb 10, 2026 | Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memory integrity | ||
| CVE-2025-29948 | Med | 0.38 | — | 0.00 | Feb 10, 2026 | Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory integrity. | ||
| CVE-2024-21953 | Med | 0.38 | — | 0.00 | Feb 10, 2026 | Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity. | ||
| CVE-2025-0007 | Med | 0.37 | 5.7 | 0.00 | Nov 24, 2025 | Insufficient validation within Xilinx Run Time framework could allow a local attacker to escalate privileges from user space to kernel space, potentially compromising confidentiality, integrity, and/or availability. | ||
| CVE-2023-20515 | Med | 0.37 | 5.7 | 0.00 | Feb 11, 2025 | Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability. | ||
| CVE-2024-21981 | Med | 0.37 | 5.7 | 0.00 | Aug 13, 2024 | Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity. | ||
| CVE-2026-28237 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability. | ||
| CVE-2026-0466 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service. | ||
| CVE-2025-0009 | Med | 0.36 | 5.5 | 0.00 | Sep 6, 2025 | A NULL pointer dereference in AMD Crash Defender could allow an attacker to write a NULL output to a log file potentially resulting in a system crash and loss of availability. | ||
| CVE-2024-21971 | Med | 0.36 | 5.5 | 0.00 | Feb 12, 2025 | Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service. | ||
| CVE-2017-7262 | Med | 0.36 | 5.5 | 0.00 | Mar 25, 2017 | The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite. | ||
| CVE-2025-48515 | Med | 0.35 | — | 0.00 | Feb 10, 2026 | Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution. | ||
| CVE-2025-54511 | Med | 0.34 | — | 0.00 | May 15, 2026 | Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability. | ||
| CVE-2025-52534 | Med | 0.34 | — | 0.00 | Feb 10, 2026 | Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in loss of integrity. | ||
| CVE-2025-29934 | Med | 0.34 | 5.3 | 0.00 | Nov 21, 2025 | A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity. | ||
| CVE-2023-20582 | Med | 0.34 | 5.3 | 0.00 | Feb 11, 2025 | Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity. | ||
| CVE-2021-46746 | Med | 0.34 | 5.2 | 0.00 | Aug 13, 2024 | Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service. | ||
| CVE-2024-21979 | Med | 0.34 | 5.3 | 0.00 | Apr 23, 2024 | An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. |
- risk 0.47cvss 7.3epss 0.00
A DLL hijacking vulnerability in the AMD Ryzen™ Master Utility could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
- risk 0.47cvss 7.3epss 0.00
A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
- risk 0.47cvss 7.3epss 0.00
Incorrect default permissions in the AMD Integrated Management Technology (AIM-T) Manageability Service installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
- risk 0.47cvss —epss 0.00
Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address space, potentially resulting in privilege escalation.
- risk 0.46cvss —epss 0.00
Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System Management Network) apertures leading to a potential escalation of privileges.
- risk 0.46cvss 8.1epss 0.01
AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv() function within shm_broadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle…
- risk 0.46cvss —epss 0.00
Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution.
- risk 0.46cvss —epss 0.00
An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to write to an arbitrary memory address resulting in denial of service or arbitrary code execution.
- risk 0.46cvss —epss 0.00
Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next…
- risk 0.46cvss —epss 0.00
Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.
- risk 0.46cvss —epss 0.00
Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.
- risk 0.46cvss —epss 0.00
Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
- risk 0.46cvss —epss 0.00
Integer Overflow within atihdwt6.sys can allow a local attacker to cause out of bound read/write potentially leading to loss of confidentiality, integrity and availability
- risk 0.46cvss —epss 0.00
Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption.
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES.
- risk 0.45cvss —epss 0.00
Use of uninitialized resource within the AMD Platform Management Framework (PMF) could allow an attacker to read a uninitialized kernel memory resulting in loss of confidentiality or availability.
- risk 0.45cvss —epss 0.00
Improper input validation in the AMD Secure Processor (ASP) PCI driver could allow a local attacker to trigger a Use-After-Free (UAF) condition, potentially resulting in a loss of platform integrity or crash.
- risk 0.45cvss —epss 0.00
An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read Out-of-Bounds potentially resulting in information disclosure or a crash
- risk 0.45cvss —epss 0.00
Improper Input validation in the AMD Secure Processor (ASP) PCI driver may allow a local attacker to create a buffer overflow condition, potentially resulting in a crash or denial of service
- risk 0.45cvss —epss 0.00
Improper access control in secure encrypted virtualization (SEV) could allow a privileged attacker to write to the reverse map page (RMP) during secure nested paging (SNP) initialization, potentially resulting in a loss of guest memory confidentiality and integrity.
- risk 0.44cvss —epss 0.00
A buffer overflow vulnerability within AMD Sensor Fusion Hub Driver can allow a local attacker to write out of bounds, potentially resulting in denial of service or crash
- risk 0.44cvss —epss 0.00
Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity.
- risk 0.43cvss 6.6epss 0.00
In AMD Zynq UltraScale+ devices, the lack of address validation when executing CSU runtime services through the PMU Firmware can allow access to isolated or protected memory spaces resulting in the loss of integrity and confidentiality.
- risk 0.43cvss 6.6epss 0.00
In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality.
- risk 0.42cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets When a TX packet spans multiple buffer descriptors (scatter-gather), axienet_free_tx_chain sums the per-BD actual length from descriptor status…
- risk 0.42cvss 6.4epss 0.00
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in…
- risk 0.41cvss —epss 0.00
Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system.
- risk 0.39cvss 6.0epss 0.00
Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity.
- risk 0.39cvss 6.0epss 0.00
Improper input validation in AMD Power Management Firmware (PMFW) could allow a privileged attacker from Guest VM to send arbitrary input data potentially causing a GPU Reset condition.
- risk 0.39cvss 6.0epss 0.00
A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data.
- risk 0.38cvss —epss 0.00
An out of bounds read within the AMD Platform Management Framework (PMF) could allow an attacker to trigger a read of an arbitrary memory location potentially resulting in loss of availability or confidentiality.
- risk 0.38cvss —epss 0.00
A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity.
- risk 0.38cvss —epss 0.00
Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memory integrity
- risk 0.38cvss —epss 0.00
Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory integrity.
- risk 0.38cvss —epss 0.00
Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity.
- risk 0.37cvss 5.7epss 0.00
Insufficient validation within Xilinx Run Time framework could allow a local attacker to escalate privileges from user space to kernel space, potentially compromising confidentiality, integrity, and/or availability.
- risk 0.37cvss 5.7epss 0.00
Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.
- risk 0.37cvss 5.7epss 0.00
Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.
- risk 0.36cvss 5.5epss 0.00
Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability.
- risk 0.36cvss 5.5epss 0.00
Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service.
- risk 0.36cvss 5.5epss 0.00
A NULL pointer dereference in AMD Crash Defender could allow an attacker to write a NULL output to a log file potentially resulting in a system crash and loss of availability.
- risk 0.36cvss 5.5epss 0.00
Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service.
- risk 0.36cvss 5.5epss 0.00
The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite.
- risk 0.35cvss —epss 0.00
Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution.
- risk 0.34cvss —epss 0.00
Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability.
- risk 0.34cvss —epss 0.00
Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in loss of integrity.
- risk 0.34cvss 5.3epss 0.00
A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity.
- risk 0.34cvss 5.3epss 0.00
Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity.
- risk 0.34cvss 5.2epss 0.00
Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service.
- risk 0.34cvss 5.3epss 0.00
An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution.
Page 2 of 8