Vulnerabilities > AMD > Radeon Software
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-09 | CVE-2021-26392 | Out-of-bounds Write vulnerability in AMD products Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA. | 7.8 |
| 2022-11-09 | CVE-2021-26393 | Memory Leak vulnerability in AMD products Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality. | 5.5 |
| 2022-05-12 | CVE-2021-26317 | Unspecified vulnerability in AMD products Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution. | 7.8 |
| 2022-05-12 | CVE-2021-26363 | Unspecified vulnerability in AMD products A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure. | 4.4 |
| 2022-05-12 | CVE-2021-26361 | Unspecified vulnerability in AMD products A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure. | 5.5 |
| 2022-05-12 | CVE-2021-26362 | Unspecified vulnerability in AMD products A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network (SMN) registers leading to a loss of integrity and availability. | 7.1 |
| 2022-05-12 | CVE-2021-26366 | Unspecified vulnerability in AMD products An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity. | 7.1 |
| 2022-05-12 | CVE-2021-26369 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses. | 7.8 |
| 2022-02-04 | CVE-2020-12891 | Uncontrolled Search Path Element vulnerability in AMD Radeon PRO Software and Radeon Software AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. | 7.8 |
| 2021-11-15 | CVE-2020-12893 | Out-of-bounds Write vulnerability in AMD Radeon Software 20.7.1 Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service. | 7.8 |