Vulnerabilities > AMD
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-11 | CVE-2023-20573 | Unspecified vulnerability in AMD products A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information. | 3.2 |
| 2023-11-14 | CVE-2021-26345 | Out-of-bounds Read vulnerability in AMD products Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. | 4.9 |
| 2023-11-14 | CVE-2021-46748 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service. | 5.5 |
| 2023-11-14 | CVE-2021-46758 | Unspecified vulnerability in AMD products Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity. low complexity amd | 6.1 |
| 2023-11-14 | CVE-2021-46766 | Incomplete Cleanup vulnerability in AMD products Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. | 5.5 |
| 2023-11-14 | CVE-2021-46774 | Unspecified vulnerability in AMD products Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. | 7.5 |
| 2023-11-14 | CVE-2022-23820 | Improper Input Validation vulnerability in AMD products Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. | 9.8 |
| 2023-11-14 | CVE-2022-23821 | Unspecified vulnerability in AMD products Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution. | 9.8 |
| 2023-11-14 | CVE-2022-23830 | Unspecified vulnerability in AMD products SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. | 5.3 |
| 2023-11-14 | CVE-2023-20519 | Use After Free vulnerability in AMD Genoapi Firmware and Milanpi Firmware A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. | 3.3 |