Vulnerabilities > AMD > Low

DATE CVE VULNERABILITY TITLE RISK
2024-02-13 CVE-2023-20570 Insufficient Verification of Data Authenticity vulnerability in AMD products
Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams.
local
low complexity
amd CWE-345
3.3
2024-01-11 CVE-2023-20573 Unspecified vulnerability in AMD products
A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information.
local
low complexity
amd
3.2
2023-11-14 CVE-2023-20519 Use After Free vulnerability in AMD Genoapi Firmware and Milanpi Firmware
A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.
local
low complexity
amd CWE-416
3.3
2023-01-11 CVE-2023-20528 Improper Input Validation vulnerability in AMD products
Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.
low complexity
amd CWE-20
2.4
2022-05-11 CVE-2021-26400 Unspecified vulnerability in AMD CPU
AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage.
local
low complexity
amd
2.1
2022-05-11 CVE-2021-26350 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products
A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service.
local
amd CWE-367
1.9
2022-05-11 CVE-2021-26349 Unspecified vulnerability in AMD products
Failure to assign a new report ID to an imported guest may potentially result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA).
local
low complexity
amd
2.1
2022-05-11 CVE-2021-26348 Unspecified vulnerability in AMD products
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.
local
low complexity
amd
2.1
2022-05-11 CVE-2021-26342 Unspecified vulnerability in AMD products
In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB).
local
low complexity
amd
2.1
2022-03-11 CVE-2021-26401 Unspecified vulnerability in AMD products
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.
local
amd
1.9