Vulnerabilities > AMD > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-09 | CVE-2023-20520 | Out-of-bounds Write vulnerability in AMD products Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. | 9.8 |
| 2021-12-01 | CVE-2021-26334 | Unspecified vulnerability in AMD Uprof 3.4.494 The AMDPowerProfiler.sys driver of AMD µProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user. | 9.9 |
| 2021-05-13 | CVE-2020-12967 | Command Injection vulnerability in AMD products The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor. | 9.0 |
| 2021-05-13 | CVE-2021-26311 | Command Injection vulnerability in AMD products In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor. | 9.0 |
| 2020-04-27 | CVE-2020-12138 | Improper Privilege Management vulnerability in AMD Atillk64 5.11.9.0 AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. | 9.0 |
| 2018-03-22 | CVE-2018-8936 | Unspecified vulnerability in AMD products The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation. | 9.3 |
| 2018-03-22 | CVE-2018-8935 | Unspecified vulnerability in AMD Ryzen Firmware and Ryzen PRO Firmware The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW. | 9.3 |
| 2018-03-22 | CVE-2018-8934 | Unspecified vulnerability in AMD Ryzen Firmware and Ryzen PRO Firmware The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW. | 9.3 |
| 2018-03-22 | CVE-2018-8933 | Incorrect Permission Assignment for Critical Resource vulnerability in AMD Epyc Server Firmware The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. | 9.3 |
| 2018-03-22 | CVE-2018-8932 | Incorrect Permission Assignment for Critical Resource vulnerability in AMD Ryzen Firmware and Ryzen PRO Firmware The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. | 9.3 |