Vendor CVEs
AMD
All CVEs
357 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-20717 | 0.00 | — | 0.00 | May 15, 2023 | In vcu, there is a possible leak of dma buffer due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645185; Issue ID: ALPS07645185. | |||
| CVE-2021-46794 | 0.00 | — | 0.01 | May 9, 2023 | Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service. | |||
| CVE-2021-46773 | 0.00 | — | 0.01 | May 9, 2023 | Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution. | |||
| CVE-2021-46759 | 0.00 | — | 0.00 | May 9, 2023 | Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port,… | |||
| CVE-2021-46756 | 0.00 | — | 0.01 | May 9, 2023 | Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity. … | |||
| CVE-2021-46755 | 0.00 | — | 0.01 | May 9, 2023 | Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service. | |||
| CVE-2021-46754 | 0.00 | — | 0.01 | May 9, 2023 | Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and… | |||
| CVE-2021-46753 | 0.00 | — | 0.01 | May 9, 2023 | Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and… | |||
| CVE-2021-26406 | 0.00 | — | 0.00 | May 9, 2023 | Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service. | |||
| CVE-2021-26356 | 0.00 | — | 0.00 | May 9, 2023 | A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure. | |||
| CVE-2023-20520 | 0.00 | — | 0.01 | May 9, 2023 | Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. | |||
| CVE-2022-23818 | 0.00 | — | 0.01 | May 9, 2023 | Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory integrity. | |||
| CVE-2021-46775 | 0.00 | — | 0.00 | May 9, 2023 | Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution. | |||
| CVE-2021-46763 | 0.00 | — | 0.00 | May 9, 2023 | Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity. | |||
| CVE-2021-46762 | 0.00 | — | 0.00 | May 9, 2023 | Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service. | |||
| CVE-2021-26379 | 0.00 | — | 0.01 | May 9, 2023 | Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation. | |||
| CVE-2023-20558 | 0.00 | — | 0.01 | Mar 23, 2023 | Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges. | |||
| CVE-2023-20559 | 0.00 | — | 0.01 | Mar 23, 2023 | Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. | |||
| CVE-2022-27677 | 0.00 | — | 0.00 | Feb 14, 2023 | Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files potentially leading to privilege escalation and code execution by the lower privileged user. | |||
| CVE-2023-20618 | 0.00 | — | 0.00 | Feb 6, 2023 | In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519184; Issue ID: ALPS07519184. | |||
| CVE-2023-20530 | 0.00 | — | 0.01 | Jan 10, 2023 | Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service. | |||
| CVE-2023-20528 | 0.00 | — | 0.00 | Jan 10, 2023 | Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality. | |||
| CVE-2023-20527 | 0.00 | — | 0.01 | Jan 10, 2023 | Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service. | |||
| CVE-2023-20525 | 0.00 | — | 0.01 | Jan 10, 2023 | Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service. | |||
| CVE-2021-46779 | 0.00 | — | 0.00 | Jan 10, 2023 | Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability. | |||
| CVE-2021-46768 | 0.00 | — | 0.00 | Jan 10, 2023 | Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a denial of service. | |||
| CVE-2021-26404 | 0.00 | — | 0.00 | Jan 10, 2023 | Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure. | |||
| CVE-2021-26403 | 0.00 | — | 0.00 | Jan 10, 2023 | Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality. | |||
| CVE-2021-26402 | 0.00 | — | 0.00 | Jan 10, 2023 | Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability. | |||
| CVE-2021-26396 | 0.00 | — | 0.00 | Jan 10, 2023 | Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss of memory integrity in the SNP guest. | |||
| CVE-2021-26343 | 0.00 | — | 0.00 | Jan 10, 2023 | Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure. | |||
| CVE-2021-26328 | 0.00 | — | 0.00 | Jan 10, 2023 | Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests. | |||
| CVE-2021-46795 | 0.00 | — | 0.00 | Jan 10, 2023 | A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service. | |||
| CVE-2021-26346 | 0.00 | — | 0.00 | Jan 10, 2023 | Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service. | |||
| CVE-2022-42269 | 0.00 | — | 0.00 | Dec 30, 2022 | NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise integrity. The scope of the impact can extend to other components. | |||
| CVE-2022-23824 | 0.00 | — | 0.01 | Nov 9, 2022 | IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. | |||
| CVE-2022-27673 | 0.00 | — | 0.01 | Nov 9, 2022 | Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. | |||
| CVE-2022-23831 | 0.00 | — | 0.01 | Nov 9, 2022 | Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. | |||
| CVE-2022-27674 | 0.00 | — | 0.01 | Nov 9, 2022 | Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. | |||
| CVE-2021-26360 | 0.00 | — | 0.00 | Nov 9, 2022 | An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP. | |||
| CVE-2020-12930 | 0.00 | — | 0.00 | Nov 9, 2022 | Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. | |||
| CVE-2021-26393 | 0.00 | — | 0.00 | Nov 9, 2022 | Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting… | |||
| CVE-2021-26391 | 0.00 | — | 0.00 | Nov 9, 2022 | Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel. | |||
| CVE-2020-12931 | 0.00 | — | 0.00 | Nov 9, 2022 | Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. | |||
| CVE-2022-32613 | 0.00 | — | 0.00 | Nov 8, 2022 | In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340. | |||
| CVE-2022-32610 | 0.00 | — | 0.00 | Nov 8, 2022 | In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203476; Issue ID: ALPS07203476. | |||
| CVE-2021-46778 | 0.00 | — | 0.00 | Aug 9, 2022 | Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may… | |||
| CVE-2021-26382 | 0.00 | — | 0.00 | Jul 14, 2022 | An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service. | |||
| CVE-2022-23825 | 0.00 | — | 0.01 | Jul 14, 2022 | Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. | |||
| CVE-2022-29900 | 0.00 | — | 0.04 | Jul 12, 2022 | Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. |
- CVE-2023-20717May 15, 2023risk 0.00cvss —epss 0.00
In vcu, there is a possible leak of dma buffer due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645185; Issue ID: ALPS07645185.
- CVE-2021-46794May 9, 2023risk 0.00cvss —epss 0.01
Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.
- CVE-2021-46773May 9, 2023risk 0.00cvss —epss 0.01
Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution.
- CVE-2021-46759May 9, 2023risk 0.00cvss —epss 0.00
Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port,…
- CVE-2021-46756May 9, 2023risk 0.00cvss —epss 0.01
Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity. …
- CVE-2021-46755May 9, 2023risk 0.00cvss —epss 0.01
Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service.
- CVE-2021-46754May 9, 2023risk 0.00cvss —epss 0.01
Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and…
- CVE-2021-46753May 9, 2023risk 0.00cvss —epss 0.01
Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and…
- CVE-2021-26406May 9, 2023risk 0.00cvss —epss 0.00
Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service.
- CVE-2021-26356May 9, 2023risk 0.00cvss —epss 0.00
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.
- CVE-2023-20520May 9, 2023risk 0.00cvss —epss 0.01
Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution.
- CVE-2022-23818May 9, 2023risk 0.00cvss —epss 0.01
Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory integrity.
- CVE-2021-46775May 9, 2023risk 0.00cvss —epss 0.00
Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution.
- CVE-2021-46763May 9, 2023risk 0.00cvss —epss 0.00
Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity.
- CVE-2021-46762May 9, 2023risk 0.00cvss —epss 0.00
Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service.
- CVE-2021-26379May 9, 2023risk 0.00cvss —epss 0.01
Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation.
- CVE-2023-20558Mar 23, 2023risk 0.00cvss —epss 0.01
Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.
- CVE-2023-20559Mar 23, 2023risk 0.00cvss —epss 0.01
Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.
- CVE-2022-27677Feb 14, 2023risk 0.00cvss —epss 0.00
Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files potentially leading to privilege escalation and code execution by the lower privileged user.
- CVE-2023-20618Feb 6, 2023risk 0.00cvss —epss 0.00
In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519184; Issue ID: ALPS07519184.
- CVE-2023-20530Jan 10, 2023risk 0.00cvss —epss 0.01
Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.
- CVE-2023-20528Jan 10, 2023risk 0.00cvss —epss 0.00
Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.
- CVE-2023-20527Jan 10, 2023risk 0.00cvss —epss 0.01
Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.
- CVE-2023-20525Jan 10, 2023risk 0.00cvss —epss 0.01
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.
- CVE-2021-46779Jan 10, 2023risk 0.00cvss —epss 0.00
Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability.
- CVE-2021-46768Jan 10, 2023risk 0.00cvss —epss 0.00
Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a denial of service.
- CVE-2021-26404Jan 10, 2023risk 0.00cvss —epss 0.00
Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.
- CVE-2021-26403Jan 10, 2023risk 0.00cvss —epss 0.00
Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.
- CVE-2021-26402Jan 10, 2023risk 0.00cvss —epss 0.00
Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability.
- CVE-2021-26396Jan 10, 2023risk 0.00cvss —epss 0.00
Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss of memory integrity in the SNP guest.
- CVE-2021-26343Jan 10, 2023risk 0.00cvss —epss 0.00
Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.
- CVE-2021-26328Jan 10, 2023risk 0.00cvss —epss 0.00
Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests.
- CVE-2021-46795Jan 10, 2023risk 0.00cvss —epss 0.00
A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service.
- CVE-2021-26346Jan 10, 2023risk 0.00cvss —epss 0.00
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
- CVE-2022-42269Dec 30, 2022risk 0.00cvss —epss 0.00
NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise integrity. The scope of the impact can extend to other components.
- CVE-2022-23824Nov 9, 2022risk 0.00cvss —epss 0.01
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
- CVE-2022-27673Nov 9, 2022risk 0.00cvss —epss 0.01
Insufficient access controls in the AMD Link Android app may potentially result in information disclosure.
- CVE-2022-23831Nov 9, 2022risk 0.00cvss —epss 0.01
Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.
- CVE-2022-27674Nov 9, 2022risk 0.00cvss —epss 0.01
Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.
- CVE-2021-26360Nov 9, 2022risk 0.00cvss —epss 0.00
An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.
- CVE-2020-12930Nov 9, 2022risk 0.00cvss —epss 0.00
Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
- CVE-2021-26393Nov 9, 2022risk 0.00cvss —epss 0.00
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting…
- CVE-2021-26391Nov 9, 2022risk 0.00cvss —epss 0.00
Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.
- CVE-2020-12931Nov 9, 2022risk 0.00cvss —epss 0.00
Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
- CVE-2022-32613Nov 8, 2022risk 0.00cvss —epss 0.00
In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340.
- CVE-2022-32610Nov 8, 2022risk 0.00cvss —epss 0.00
In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203476; Issue ID: ALPS07203476.
- CVE-2021-46778Aug 9, 2022risk 0.00cvss —epss 0.00
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may…
- CVE-2021-26382Jul 14, 2022risk 0.00cvss —epss 0.00
An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service.
- CVE-2022-23825Jul 14, 2022risk 0.00cvss —epss 0.01
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
- CVE-2022-29900Jul 12, 2022risk 0.00cvss —epss 0.04
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
Page 5 of 8