Vulnerabilities > AMD > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-14 | CVE-2023-20596 | Unspecified vulnerability in AMD products Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution. | 9.8 |
| 2023-11-14 | CVE-2022-23821 | Unspecified vulnerability in AMD products Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution. | 9.8 |
| 2023-11-14 | CVE-2022-23820 | Improper Input Validation vulnerability in AMD products Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. | 9.8 |
| 2023-08-08 | CVE-2023-20586 | Unspecified vulnerability in AMD Radeon Software A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. | 9.8 |
| 2023-05-09 | CVE-2021-46760 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution. | 9.8 |
| 2023-05-09 | CVE-2021-46756 | Improper Input Validation vulnerability in AMD products Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity. | 9.1 |
| 2023-05-09 | CVE-2021-46754 | Improper Input Validation vulnerability in AMD products Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity. | 9.1 |
| 2023-05-09 | CVE-2023-20520 | Out-of-bounds Write vulnerability in AMD products Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. | 9.8 |
| 2023-05-09 | CVE-2021-46762 | Improper Input Validation vulnerability in AMD products Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service. | 9.1 |
| 2023-05-09 | CVE-2021-46753 | Unspecified vulnerability in AMD products Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity. | 9.1 |