Vulnerabilities > AMD
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-14 | CVE-2023-20571 | Race Condition vulnerability in AMD products A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation. | 8.1 |
| 2023-11-14 | CVE-2023-20592 | Unspecified vulnerability in AMD products Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity. | 6.5 |
| 2023-11-14 | CVE-2023-20596 | Unspecified vulnerability in AMD products Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution. | 9.8 |
| 2023-11-14 | CVE-2023-31320 | Improper Input Validation vulnerability in AMD products Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service. | 7.5 |
| 2023-10-17 | CVE-2023-20598 | Unspecified vulnerability in AMD Radeon Software 23.7.1/23.Q3 An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution. | 7.8 |
| 2023-09-27 | CVE-2023-44216 | Information Exposure Through Discrepancy vulnerability in multiple products PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. | 5.3 |
| 2023-09-20 | CVE-2023-20594 | Improper Initialization vulnerability in AMD products Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | 4.4 |
| 2023-09-20 | CVE-2023-20597 | Improper Initialization vulnerability in AMD products Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | 5.5 |
| 2023-08-15 | CVE-2023-20560 | Improper Input Validation vulnerability in AMD Ryzen Master and Ryzen Master Monitoring SDK Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service. | 4.4 |
| 2023-08-15 | CVE-2023-20564 | Improper Input Validation vulnerability in AMD Ryzen Master and Ryzen Master Monitoring SDK Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution. | 6.7 |