Vulnerabilities > AMD
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2023-31348 | Uncontrolled Search Path Element vulnerability in AMD Uprof A DLL hijacking vulnerability in AMD µProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | 7.8 |
| 2024-08-13 | CVE-2023-31349 | Incorrect Default Permissions vulnerability in AMD Uprof Incorrect default permissions in the AMD µProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | 7.8 |
| 2024-08-13 | CVE-2023-31366 | Unspecified vulnerability in AMD Uprof Improper input validation in AMD µProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service. | 5.5 |
| 2024-08-05 | CVE-2023-31355 | Out-of-bounds Write vulnerability in AMD products Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest. | 6.0 |
| 2024-08-05 | CVE-2024-21978 | Unspecified vulnerability in AMD products Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption. | 7.9 |
| 2024-08-05 | CVE-2024-21980 | Out-of-bounds Write vulnerability in AMD products Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity. | 7.9 |
| 2024-02-13 | CVE-2021-46757 | Unspecified vulnerability in AMD products Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation. | 7.8 |
| 2024-02-13 | CVE-2023-20579 | Unspecified vulnerability in AMD products Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability. | 6.0 |
| 2024-02-13 | CVE-2023-31346 | Unspecified vulnerability in AMD products Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests. | 6.0 |
| 2024-02-13 | CVE-2023-31347 | Unspecified vulnerability in AMD products Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity. | 4.9 |