Vulnerabilities > AMD
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-12 | CVE-2024-21949 | Unspecified vulnerability in AMD Ryzen AI Software Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash. | 5.5 |
| 2024-11-12 | CVE-2024-21974 | Unspecified vulnerability in AMD Ryzen AI Software Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. | 7.8 |
| 2024-11-12 | CVE-2024-21975 | Unspecified vulnerability in AMD Ryzen AI Software Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. | 7.8 |
| 2024-08-13 | CVE-2023-20578 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution. | 6.4 |
| 2024-02-13 | CVE-2021-46757 | Unspecified vulnerability in AMD products Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation. | 7.8 |
| 2024-02-13 | CVE-2023-20579 | Unspecified vulnerability in AMD products Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability. | 6.0 |
| 2024-02-13 | CVE-2023-31346 | Unspecified vulnerability in AMD products Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests. | 6.0 |
| 2024-02-13 | CVE-2023-31347 | Unspecified vulnerability in AMD products Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity. | 4.9 |
| 2024-02-13 | CVE-2023-20570 | Insufficient Verification of Data Authenticity vulnerability in AMD products Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams. | 3.3 |
| 2024-01-16 | CVE-2023-4969 | Memory Leak vulnerability in multiple products A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures. | 6.5 |