Vulnerabilities > AMD > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-11 | CVE-2023-20530 | Improper Input Validation vulnerability in AMD products Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service. | 7.5 |
| 2023-01-11 | CVE-2023-20531 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service. | 7.5 |
| 2022-11-15 | CVE-2022-29277 | Out-of-bounds Write vulnerability in multiple products Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. | 8.8 |
| 2022-11-09 | CVE-2020-12930 | Unspecified vulnerability in AMD products Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. | 7.8 |
| 2022-11-09 | CVE-2020-12931 | Unspecified vulnerability in AMD products Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity. | 7.8 |
| 2022-11-09 | CVE-2021-26360 | Unspecified vulnerability in AMD products An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. | 7.8 |
| 2022-11-09 | CVE-2021-26391 | Unspecified vulnerability in AMD products Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel. | 7.8 |
| 2022-11-09 | CVE-2021-26392 | Out-of-bounds Write vulnerability in AMD products Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA. | 7.8 |
| 2022-11-09 | CVE-2022-23831 | Unspecified vulnerability in AMD Uprof 3.4.494/3.4.502 Insufficient validation of the IOCTL input buffer in AMD µProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. | 7.5 |
| 2022-11-09 | CVE-2022-27673 | Unspecified vulnerability in AMD Link Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. | 7.5 |