Vulnerabilities > AMD
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-09 | CVE-2021-26360 | Unspecified vulnerability in AMD products An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. | 7.8 |
| 2022-11-09 | CVE-2021-26391 | Unspecified vulnerability in AMD products Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel. | 7.8 |
| 2022-11-09 | CVE-2021-26392 | Out-of-bounds Write vulnerability in AMD products Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA. | 7.8 |
| 2022-11-09 | CVE-2021-26393 | Memory Leak vulnerability in AMD products Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality. | 5.5 |
| 2022-11-09 | CVE-2022-23824 | IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. | 5.5 |
| 2022-11-09 | CVE-2022-23831 | Unspecified vulnerability in AMD Uprof 3.4.494/3.4.502 Insufficient validation of the IOCTL input buffer in AMD µProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. | 7.5 |
| 2022-11-09 | CVE-2022-27673 | Unspecified vulnerability in AMD Link Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. | 7.5 |
| 2022-11-09 | CVE-2022-27674 | Unspecified vulnerability in AMD Uprof 3.4.494/3.4.502 Insufficient validation in the IOCTL input/output buffer in AMD µProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. | 7.5 |
| 2022-08-10 | CVE-2021-46778 | Information Exposure Through Discrepancy vulnerability in AMD products Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). | 5.6 |
| 2022-07-14 | CVE-2021-26382 | Unspecified vulnerability in AMD products An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service. | 4.4 |