Vulnerabilities > AMD
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-10 | CVE-2021-26352 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service. | 5.5 |
| 2022-05-10 | CVE-2021-26353 | Improper Initialization vulnerability in AMD products Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity. | 7.8 |
| 2022-05-10 | CVE-2021-26370 | Improper Input Validation vulnerability in AMD products Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability. | 7.1 |
| 2022-05-10 | CVE-2021-26390 | Unspecified vulnerability in AMD products A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data. | 6.2 |
| 2022-05-10 | CVE-2021-26408 | Unspecified vulnerability in AMD products Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest's integrity or confidentiality. | 7.1 |
| 2022-05-10 | CVE-2021-46771 | Unspecified vulnerability in AMD products Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user application. | 7.8 |
| 2022-03-11 | CVE-2021-26341 | Improper Cross-boundary Removal of Sensitive Data vulnerability in AMD products Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. | 6.5 |
| 2022-03-11 | CVE-2021-26401 | Unspecified vulnerability in AMD products LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. | 5.6 |
| 2022-02-10 | CVE-2021-44850 | Insufficient Verification of Data Authenticity vulnerability in AMD products On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. | 6.8 |
| 2022-02-04 | CVE-2020-12891 | Uncontrolled Search Path Element vulnerability in AMD Radeon PRO Software and Radeon Software AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. | 7.8 |