VYPR

Vendor CVEs

AMD

All CVEs

357 total · sorted by risk
  • CVE-2025-38583Aug 19, 2025
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: clk: xilinx: vcu: unregister pll_post only if registered correctly If registration of pll_post is failed, it will be set to NULL or ERR, unregistering same will fail with following call trace: Unable to…

  • CVE-2023-31359May 13, 2025
    risk 0.00cvss epss 0.00

    Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

  • CVE-2023-31358May 13, 2025
    risk 0.00cvss epss 0.00

    A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

  • CVE-2024-36340May 13, 2025
    risk 0.00cvss epss 0.00

    A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure.

  • CVE-2024-21958Nov 12, 2024
    risk 0.00cvss epss 0.00

    Incorrect default permissions in the AMD Provisioning Console installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

  • CVE-2024-21946Nov 12, 2024
    risk 0.00cvss epss 0.00

    Incorrect default permissions in the AMD RyzenTM Master Utility installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

  • CVE-2024-21945Nov 12, 2024
    risk 0.00cvss epss 0.00

    Incorrect default permissions in the AMD RyzenTM Master monitoring SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

  • CVE-2024-21939Nov 12, 2024
    risk 0.00cvss epss 0.00

    Incorrect default permissions in the AMD Cloud Manageability Service (ACMS) Software installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

  • CVE-2024-21938Nov 12, 2024
    risk 0.00cvss epss 0.00

    Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

  • CVE-2024-21937Nov 12, 2024
    risk 0.00cvss epss 0.00

    Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

  • CVE-2023-31366Aug 13, 2024
    risk 0.00cvss epss 0.00

    Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service.

  • CVE-2023-31349Aug 13, 2024
    risk 0.00cvss epss 0.00

    Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

  • CVE-2023-31348Aug 13, 2024
    risk 0.00cvss epss 0.00

    A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

  • CVE-2023-31341Aug 13, 2024
    risk 0.00cvss epss 0.00

    Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.

  • CVE-2023-20584Aug 13, 2024
    risk 0.00cvss epss 0.00

    IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.

  • CVE-2023-20578Aug 13, 2024
    risk 0.00cvss epss 0.00

    A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.

  • CVE-2021-26344Aug 13, 2024
    risk 0.00cvss epss 0.00

    An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution.

  • CVE-2024-26649Mar 26, 2024
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer when load rlc firmware If the RLC firmware is invalid because of wrong header size, the pointer to the rlc firmware is released in function amdgpu_ucode_request. There will be…

  • CVE-2021-46757Feb 13, 2024
    risk 0.00cvss epss 0.00

    Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation.

  • CVE-2023-31347Feb 13, 2024
    risk 0.00cvss epss 0.00

    Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity.  

  • CVE-2023-20592Nov 14, 2023
    risk 0.00cvss epss 0.01

    Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.

  • CVE-2023-20519Nov 14, 2023
    risk 0.00cvss epss 0.00

    A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.

  • CVE-2022-23830Nov 14, 2023
    risk 0.00cvss epss 0.00

    SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.

  • CVE-2023-20526Nov 14, 2023
    risk 0.00cvss epss 0.00

    Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.

  • CVE-2023-20521Nov 14, 2023
    risk 0.00cvss epss 0.00

    TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

  • CVE-2022-23820Nov 14, 2023
    risk 0.00cvss epss 0.01

    Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.

  • CVE-2021-46766Nov 14, 2023
    risk 0.00cvss epss 0.00

    Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.

  • CVE-2023-31320Nov 14, 2023
    risk 0.00cvss epss 0.01

    Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.

  • CVE-2023-20568Nov 14, 2023
    risk 0.00cvss epss 0.00

    Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.

  • CVE-2023-20567Nov 14, 2023
    risk 0.00cvss epss 0.00

    Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.

  • CVE-2023-20598Oct 17, 2023
    risk 0.00cvss epss 0.00

    An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.

  • CVE-2023-20560Aug 15, 2023
    risk 0.00cvss epss 0.00

    Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service.

  • CVE-2023-20564Aug 15, 2023
    risk 0.00cvss epss 0.00

    Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution.

  • CVE-2023-20561Aug 8, 2023
    risk 0.00cvss epss 0.00

    Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.

  • CVE-2023-20556Aug 8, 2023
    risk 0.00cvss epss 0.00

    Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.

  • CVE-2023-20555Aug 8, 2023
    risk 0.00cvss epss 0.00

    Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.

  • CVE-2023-20588Aug 8, 2023
    risk 0.00cvss epss 0.12

    A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 

  • CVE-2023-20586Aug 8, 2023
    risk 0.00cvss epss 0.01

    A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations

  • CVE-2023-20569Aug 8, 2023
    risk 0.00cvss epss 0.06

    A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

  • CVE-2023-20810Aug 7, 2023
    risk 0.00cvss epss 0.00

    In IOMMU, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061.

  • CVE-2023-20583Aug 1, 2023
    risk 0.00cvss epss 0.00

    A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.

  • CVE-2023-20575Jul 11, 2023
    risk 0.00cvss epss 0.01

    A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.

  • CVE-2023-20747Jun 6, 2023
    risk 0.00cvss epss 0.00

    In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519121.

  • CVE-2023-20746Jun 6, 2023
    risk 0.00cvss epss 0.00

    In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519217.

  • CVE-2023-20745Jun 6, 2023
    risk 0.00cvss epss 0.00

    In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07560694.

  • CVE-2023-20743Jun 6, 2023
    risk 0.00cvss epss 0.00

    In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519142.

  • CVE-2023-20740Jun 6, 2023
    risk 0.00cvss epss 0.00

    In vcu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559819; Issue ID: ALPS07559840.

  • CVE-2023-20735Jun 6, 2023
    risk 0.00cvss epss 0.00

    In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645178.

  • CVE-2023-20733Jun 6, 2023
    risk 0.00cvss epss 0.00

    In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645149.

  • CVE-2023-20673May 15, 2023
    risk 0.00cvss epss 0.00

    In vcu, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519103.

Page 4 of 8