Vulnerabilities > AMD
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-14 | CVE-2023-20519 | Use After Free vulnerability in AMD Genoapi Firmware and Milanpi Firmware A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. | 3.3 |
| 2023-11-14 | CVE-2023-20521 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. | 5.7 |
| 2023-11-14 | CVE-2023-20526 | Unspecified vulnerability in AMD products Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. low complexity amd | 4.6 |
| 2023-11-14 | CVE-2023-20533 | Unspecified vulnerability in AMD products Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. | 7.5 |
| 2023-11-14 | CVE-2023-20563 | Improper Privilege Management vulnerability in AMD products Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. | 7.8 |
| 2023-11-14 | CVE-2023-20565 | Improper Privilege Management vulnerability in AMD products Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. | 7.8 |
| 2023-11-14 | CVE-2023-20566 | Unspecified vulnerability in AMD products Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. | 7.5 |
| 2023-11-14 | CVE-2023-20567 | Improper Verification of Cryptographic Signature vulnerability in multiple products Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution. | 6.7 |
| 2023-11-14 | CVE-2023-20568 | Improper Verification of Cryptographic Signature vulnerability in multiple products Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution. | 6.7 |
| 2023-11-14 | CVE-2023-20571 | Race Condition vulnerability in AMD products A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation. | 8.1 |